==========================================
= VI Overflow Tested in RedHat 7.0/7.1/7.2 =
=----------------------------------------=
= Author: Andrew Tofan                   =
=----------------------------------------=
= Email: aramisat_private                =
=----------------------------------------=
==========================================

I've found a problem in vi, which is located in /bin/vi. Here are some tests I've made in << VIM version 5.7.8 >>.

Take a look at my test:

[root@softly /root]# vi -t "`perl -e 'printf "A"x9000'`"
[root@softly /root]# gdb vi core

gdb output:
==========
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libtermcap.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libtermcap.so.2
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
#0  0x80644a7 in strcpy () at ../sysdeps/generic/strcpy.c:31
31      ../sysdeps/generic/strcpy.c: No such file or directory.

Then take a look at the registers:
====================================
(gdb) info registers
eax            0x41414141       1094795585
ecx            0x41414141       1094795585
edx            0x1              1
ebx            0x1              1
esp            0xbfffd1c4       0xbfffd1c4
ebp            0xbfffd1dc       0xbfffd1dc
esi            0x41414141       1094795585
edi            0x0              0
eip            0x80644a7        0x80644a7
eflags         0x10206          66054
cs             0x23             35
ss             0x2b             43
ds             0x2b             43
es             0x2b             43
fs             0x2b             43
gs             0x2b             43
fctrl          0x0              0
fstat          0x0              0
ftag           0x0              0
fiseg          0x0              0
fioff          0x0              0
foseg          0x0              0
fooff          0x0              0
fop            0x0              0

I didn't waste my time writing an exploit because of this:

-rwxr-xr-x    1 root     root       361852 Aug  7  2000 /bin/vi

--==Aramis==--
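The crash above is the classic shape of an unbounded strcpy() from a command-line argument into a fixed-size buffer: the 9000-byte tag name runs past the buffer and the 0x41414141 values in eax, ecx and esi are the 'A's that overwrote nearby data before strcpy() faulted. The following is an added example written for this archive, not code from the post or from VIM; it shows that copy pattern next to a bounded replacement that rejects oversized input instead of overrunning. The buffer size TAG_MAX and the function names copy_tag_unchecked, copy_tag_bounded and tag_of_length_accepted are hypothetical.

```c
/* Added example (not from the original post or from VIM): the unchecked
 * strcpy() pattern behind a crash like the one above, beside a bounded copy.
 * TAG_MAX and all function names here are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TAG_MAX 256   /* hypothetical fixed-size buffer for a -t tag name */

/* Vulnerable pattern: strcpy() copies until the NUL terminator no matter how
 * large the destination is, so a 9000-byte argv[] entry overruns a 256-byte
 * buffer and clobbers whatever lies beyond it (saved registers, return
 * address), which is how 0x41414141 ends up in the registers shown above.
 * Kept only for contrast; nothing in this file calls it on long input. */
void copy_tag_unchecked(char *dst, const char *tag)
{
    strcpy(dst, tag);
}

/* Hardened form: measure the input without reading past dstlen bytes, reject
 * it if tag plus its NUL would not fit, then copy exactly that many bytes.
 * Returns 0 on success and -1 when the input is rejected. */
int copy_tag_bounded(char *dst, size_t dstlen, const char *tag)
{
    size_t n = 0;
    while (n < dstlen && tag[n] != '\0')   /* bounded scan, no over-read */
        n++;
    if (n >= dstlen)
        return -1;                         /* no room for tag + terminator */
    memcpy(dst, tag, n);
    dst[n] = '\0';
    return 0;
}

/* Helper for checking the policy: builds a constructed tag of `len` 'A's
 * (like the perl "A"x9000 in the post) and reports 1 if the bounded copy
 * accepts it, 0 if it is rejected, -1 on allocation failure. */
int tag_of_length_accepted(size_t len)
{
    char buf[TAG_MAX];
    char *tag = malloc(len + 1);
    if (tag == NULL)
        return -1;
    memset(tag, 'A', len);                 /* constructed input */
    tag[len] = '\0';
    int rc = copy_tag_bounded(buf, sizeof buf, tag);
    free(tag);
    return rc == 0 ? 1 : 0;
}

/* Stand-alone use: pass a tag name as argv[1] and see it accepted or refused. */
int main(int argc, char **argv)
{
    char buf[TAG_MAX];
    const char *tag = argc > 1 ? argv[1] : "main";
    if (copy_tag_bounded(buf, sizeof buf, tag) != 0) {
        fprintf(stderr, "tag too long (limit %d bytes)\n", TAG_MAX - 1);
        return 1;
    }
    printf("tag accepted: %s\n", buf);
    return 0;
}
```

Run with a short argument and the tag is copied; run with the 9000-byte argument from the post and the program exits with a clean error instead of a segmentation fault. The length check before the copy is the whole difference: the bounded version never writes past the buffer, so an oversized argument cannot reach saved registers or the return address.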
This archive was generated by hypermail 2b30 : Fri Feb 15 2002 - 18:38:44 PST