Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: Re: uugetty mgetty also...

Re: uugetty mgetty also...

From: Rodrigo Barbosa <rodrigob_at_bh.conectiva.com.br>
Date: Tue, 4 Dec 2001 13:45:51 -0200

Reproduced on Conectiva Linux 7.0.

So far:

mingetty: Not vulnerable
getty: Vulnerable
uugetty: Vulnerable
mgetty: Not vulnerable (only root can execute)

And there goes a question: is there any reason to someone other than root
have execute permission ? mgetty is 700 here.

On Mon, Dec 03, 2001 at 06:09:21PM -0500, KF wrote:
> Ok this is about down to shits and giggles...I would assume about
> anything
> with getty in its name COULD have the same issue... how this is
> abused...
> who knows at the moment...But these also suffer from the command line
> overflow.
>
> [root_at_linux elguapo]# uugetty `perl -e 'print "A"x 9000'`
> Segmentation fault (core dumped)
>
> [root_at_linux elguapo]# mgetty `perl -e 'print "A"x 9000'`
> Segmentation fault (core dumped)
> 

-- 
 Rodrigo Barbosa                   - rodrigob at bh.conectiva.com.br
 Conectiva S/A			   - Belo Horizonte, MG, Brazil
 "Quis custodiet ipsos custodiet?" - http://www.conectiva.com/

  • application/pgp-signature attachment: stored
Received on Dec 04 2001
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos