I can confirm your doubt; I can reproduce it on my machine with a 2.4 kernel.

root@TRiNiTy:/tmp# touch fuj
root@TRiNiTy:/tmp# touch ble
root@TRiNiTy:/tmp# touch chakiery_z_polzki
root@TRiNiTy:/tmp# seejpeg *
Segmentation fault

Here is my system:

root@TRiNiTy:/tmp# uname -a
Linux TRiNiTy 2.4.12 #7 SMP Thu Nov 1 18:16:41 CET 2001 i586 unknown
root@TRiNiTy:/tmp# cat /etc/slackware-version
8.0.0 (åtta)

Bye.
Giuseppe.

----- Original Message -----
From: "Patryk Chmielewski" <argvat_private>
To: <vuln-devat_private>
Sent: Saturday, November 10, 2001 9:35 PM
Subject: Segfault in seejpeg 1.10

> I found a bug in seejpeg 1.10 but I think it's not exploitable. Let's see:
> (my seejpeg doesn't have suid and I'm showing this bug running seejpeg as root)
>
>
> My temporary dir is empty:
> root@jaskinia:/tmp$ ls
> root@jaskinia:/tmp$
>
> Next we must create some empty files:
> root@jaskinia:/tmp$ touch fuj
> root@jaskinia:/tmp$ touch ble
> root@jaskinia:/tmp$ touch chakiery_z_polzki
> root@jaskinia:/tmp$
>
> And main part:
>
> root@jaskinia:/tmp# seejpeg *
> [many '\n' :)]
> Empty input file
>
> svgalib: Signal 11: Segmentation fault received.
> Segmentation fault (core dumped)
> root@jaskinia:/tmp#
>
> My OS:
> argv@jaskinia:~$ uname -a
> Linux jaskinia 2.2.20 #1 Sat Nov 3 22:18:56 CET 2001 i686 unknown
> argv@jaskinia:~$
> argv@jaskinia:~$ cat /etc/slackware-version
> 8.0.0 (åtta)
> argv@jaskinia:~$
>
> What do you think about this?
> Can you reproduce this on your machines?
>
> --
> -=[ Patryk Chmielewski -> :: <- argvat_private ]=-
> -=[ ****** http://argv.jaskinia.eu.org ****** ]=-
> -=[ "If you lie to the compiler, it will get its revenge." ]=-
This archive was generated by hypermail 2b30 : Sat Nov 10 2001 - 22:27:58 PST