Re: dip 3.3.7p-overflow

From: Ron van Daal (ronvdaalat_private)
Date: Mon Jul 16 2001 - 12:13:56 PDT

    Hi Marcin,
    
    > > After doing a check on my SuSE Linux 7.0 x86 I found something interesting:
    > >
    > > hegi@faust:~ > ls -la /usr/sbin/dip
    > > -rwsr-xr--   1 root     dialout     62056 Jul 29  2000 /usr/sbin/dip
    > >
    > > DIP: Dialup IP Protocol Driver version 3.3.7p-uri (25 Dec 96)
    > > Written by Fred N. van Kempen, MicroWalt Corporation.
    > 
    > > (gdb) run -k -l `perl -e 'print "a" x 130 '`
    > > Starting program: /usr/sbin/dip -k -l `perl -e 'print "a" x 130 '`
    > > DIP: Dialup IP Protocol Driver version 3.3.7p-uri (25 Dec 96)
    > > Written by Fred N. van Kempen, MicroWalt Corporation.
    > >
    > > DIP: cannot open /var/lock/LCK..aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa: Datei oder Verzeichnis nicht gefunden
    > >
    > > Program received signal SIGSEGV, Segmentation fault.
    > > 0x61616161 in ?? ()
    > 
    > The same packet and problem is on SuSE 7.1 and RedHat 6.2. I don't have
    > SuSE 7.2 to check.
    
    Does Red Hat 6.2 ship the DIP binary with a suid/sgid bit?
    Red Hat 7.1 installs dip-3.3.7o (which segfaults) with perms 0755.
    
    
    Kind regards,
    
     Ron van Daal
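
Added example, not part of the original message and not dip's source (which does not appear in this thread): a bounds-checked way to build the `/var/lock/LCK..<line>` path that the quoted error output shows being formed from the `-l` argument. The function name `build_lock_path`, the 64-byte buffer and the rejection of `/` in the name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Prefix as it appears in the quoted dip error message. */
#define LOCK_PREFIX "/var/lock/LCK.."

/* Hypothetical helper (not dip's code): build the lock-file path for a
 * user-supplied line name into a caller-sized buffer.
 * Returns 0 on success, -1 if the name is empty, contains '/', or the
 * result would not fit. On failure, out is set to the empty string. */
int build_lock_path(char *out, size_t outlen, const char *line)
{
    int n;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';

    /* A lock name is a single file name, never a path. */
    if (line == NULL || line[0] == '\0' || strchr(line, '/') != NULL)
        return -1;

    /* snprintf never writes past outlen; it returns the length the full
     * string needs, so n >= outlen means the name was too long. */
    n = snprintf(out, outlen, "%s%s", LOCK_PREFIX, line);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[64];      /* assumed buffer size, for illustration only */
    char longname[131];
    int rc;

    /* Constructed input: the same 130-byte argument used in the thread. */
    memset(longname, 'a', 130);
    longname[130] = '\0';

    rc = build_lock_path(path, sizeof path, "ttyS0");
    printf("ttyS0: rc=%d path=%s\n", rc, path);
    rc = build_lock_path(path, sizeof path, longname);
    printf("130 x 'a': rc=%d (rejected, nothing copied)\n", rc);
    return 0;
}
```

A setuid program should treat a `-1` here as a fatal argument error and exit before doing anything else with the name.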
    


