Re: dip 3.3.7p-overflow

From: Martijn A. (rootat_private)
Date: Mon Jul 16 2001 - 20:38:29 PDT


    >After doing a check on my SuSE Linux 7.0 x86 I found something
    >interesting:
    >
    >hegi@faust:~ > ls -la /usr/sbin/dip
    >-rwsr-xr--   1 root     dialout     62056 Jul 29  2000 /usr/sbin/dip
    >
    >DIP: Dialup IP Protocol Driver version 3.3.7p-uri (25 Dec 96)
    >Written by Fred N. van Kempen, MicroWalt Corporation.
    >
    >(gdb) run -k -l `perl -e 'print "a" x 130 '`
    >Starting program: /usr/sbin/dip -k -l `perl -e 'print "a" x 130 '`
    >DIP: Dialup IP Protocol Driver version 3.3.7p-uri (25 Dec 96)
    >Written by Fred N. van Kempen, MicroWalt Corporation.
    >
    >DIP: cannot open /var/lock/LCK..aaaa......aaaaaaa: Datei oder Verzeichnis
    >nicht gefunden
    >
    >Program received signal SIGSEGV, Segmentation fault.
    >0x61616161 in ?? ()
    >
    >The same packet and problem is on SuSE 7.1 and RedHat 6.2. I don't have
    >SuSE 7.2 to check.
    
    SuSE 6.2 and 6.3 are also vulnerable and setuid root. But normal users, just
    like on SuSE 7.0, don't have execute permissions on these versions.
    
    Regards,
    
    Martijn A.
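
Added example, not part of the original message: a shell helper that reads `ls -l` output and reports which local users can execute a setuid-root file, the distinction the reply draws for the `-rwsr-xr-- root dialout` mode on /usr/sbin/dip. The function names and the two extra sample lines are constructed for illustration; paths containing spaces are not handled.

```shell
#!/bin/sh
# suid_exposure "<ls -l line>"
# Prints one of: not-setuid, world, group:<name>, owner-only
suid_exposure() {
    # Fields of a long listing: mode, link count, owner, group, rest.
    read -r mode _links _owner group _rest <<EOF
$1
EOF
    case $mode in
        -??[sS]*) ;;                            # setuid shows in the owner-execute slot
        *) echo "not-setuid"; return 0 ;;
    esac
    case $mode in
        ?????????[xt]*) echo "world" ;;         # "other" execute: any local user
        ??????[xs]*)    echo "group:$group" ;;  # only members of the owning group
        *)              echo "owner-only" ;;
    esac
}

# audit_listing: read `ls -l` lines on stdin, print "<path> <exposure>"
# for every setuid file owned by root.
audit_listing() {
    while IFS= read -r line; do
        if [ -z "$line" ]; then continue; fi
        exposure=$(suid_exposure "$line")
        if [ "$exposure" = "not-setuid" ]; then continue; fi
        set -f; set -- $line; set +f            # split fields without globbing
        if [ "$3" != "root" ]; then continue; fi
        printf '%s %s\n' "${line##* }" "$exposure"
    done
    return 0
}

# Constructed sample input: the first line is the listing quoted in the
# thread, the other two are made up for contrast.
SAMPLE='-rwsr-xr--   1 root     dialout     62056 Jul 29  2000 /usr/sbin/dip
-rwsr-xr-x   1 root     root        30000 Jan  1  2000 /usr/bin/example-suid
-rwxr-xr-x   1 root     root        12000 Jan  1  2000 /usr/bin/example-plain'

printf '%s\n' "$SAMPLE" | audit_listing
```

For the mode quoted in the thread the helper reports `group:dialout`, so the size of the exposed population is the membership of that group rather than every local account.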
    


