Actually agetty IS vulnerable... it just needed a little more lovin. [root@linux elguapo]# agetty `perl -e 'print "A" x 9000'` `perl -e 'print "A" x 9000'` Segmentation fault (core dumped) -KF Bill Weiss wrote: > > Scott Mackenzie(smackenzat_private)@Mon, Dec 03, 2001 at 08:07:50PM +0000: > > SEE MESSAGE : > > 'Can anyone verify a core dump on /sbin/mingetty' > > for the original post > > > > The reason why there is no core dump from /sbin is because I didn't have > > write access - should have noticed that but there you go. > > > > Ok, bit more information: > > > > This problem is positive in the following systems: > > * note there could and probably are more but I've only had word of the > > following systems being tested > > > > Red-Hat 6.0 onwards (not tested any before) upto and including 7.2 > > Mandrake 8.0 2.4.3-20mdksmp (presumably similar to redhat here) > > turbolinux 6.0 > > SCO unix 5.0.5 > > > > (this information was quickly gathered by several people; thanks everyone) > > Slackware 7.0 (maybe 8.0) uses agetty, which is not vunerable, as far as I can tell. > It just spits out a usage error. > > -- Bill Weiss
This archive was generated by hypermail 2b30 : Mon Dec 03 2001 - 14:02:38 PST