Re: /usr/bin/addresses seg fault

From: Sebastian Krahmer (krahmerat_private)
Date: Mon Mar 25 2002 - 05:55:39 PST

    On Fri, 22 Mar 2002, Blue R wrote:
    
    Hi,
    
    -rwxr-xr-x    1 root     root         8232 Sep 20  2001 /usr/bin/addresses
    
    /usr/bin/addresses binary belongs to the pilot-link package but it is
    neither +s nor does it run as daemon. So even if there is
    an overflow inside it is of no use for attackers.
    
    regards,
    Sebastian
    
    > Hi,
    > 	I am using 2.4.10 and SuSE 7.1, the binary 'addresses' does not give much information with no version options or man page etc. But it has the following behaviour:
    >
    > r@blue:~ > addresses
    > usage:addresses /dev/cua??
    >
    > r@blue:~ >addresses `perl -e 'print "A" x 131'`
    > pi_bind: No such file or directory
    >
    > r@blue:~ >addresses `perl -e 'print "A" x 132'`
    > Segmentation fault
    >
    > r@blue:~ >gdb ./addresses
    > GNU gdb 5.0
    > Copyright 2000 Free Software Foundation, Inc.
    > GDB is free software, covered by the GNU General Public License, and you are
    > welcome to change it and/or distribute copies of it under certain conditions.
    > Type "show copying" to see the conditions.
    > There is absolutely no warranty for GDB.  Type "show warranty" for details.
    > This GDB was configured as "i386-suse-linux"...(no debugging symbols found)...
    > (gdb) set args `perl -e 'print "A" x 132'`
    > (gdb) r
    > Starting program: /home/r/AUDIT/TEST/./addresses `perl -e 'print "A" x 132'`
    > (no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
    > Program received signal SIGSEGV, Segmentation fault.
    > 0x400afdbb in getenv () from /lib/libc.so.6
    > (gdb) info reg
    > eax            0xbf004141       -1090502335
    > ecx            0x8049ff0        134520816
    > edx            0x4950   18768
    > ebx            0x40198828       1075415080
    > esp            0xbffeee94       0xbffeee94
    > ebp            0xbffeeebc       0xbffeeebc
    > esi            0xbffff500       -1073744640
    > edi            0x4002a622       1073915426
    > eip            0x400afdbb       0x400afdbb
    > eflags         0x210286 2163334
    > cs             0x23     35
    > ss             0x2b     43
    > ds             0x2b     43
    > es             0x2b     43
    > fs             0x0      0
    > gs             0x0      0
    > fctrl          0x37f    895
    > fstat          0x0      0
    > ftag           0xffff   65535
    > fiseg          0x23     35
    > fioff          0x4086106b       1082527851
    > foseg          0x2b     43
    > fooff          0xbfffec18       -1073746920
    > fop            0x518    1304
    >
    > Regards,
    > B.
    >
    >
    >
    
    -- 
    ~
    ~ perl self.pl
    ~ $_='print"\$_=\47$_\47;eval"';eval
    ~ krahmerat_private - SuSE Security Team
    ~
    
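    A triage check in the spirit of Sebastian's reply, added here as an example that is not part of the original thread: it tests whether a given binary carries the setuid/setgid bit or has a running instance owned by a user other than the caller, which is what decides whether a crash like the one above reaches beyond the invoking user. It assumes Linux with GNU coreutils `stat` and a mounted procfs; the function name is my own.

```shell
# Does a crash in this binary cross a privilege boundary?
# Returns 0 (and prints why) if the file is setuid/setgid or a running
# instance is owned by someone other than the caller; 1 if neither holds;
# 2 if the path does not exist.
crosses_privilege_boundary() {
    bin=$1
    boundary=1
    [ -e "$bin" ] || { echo "no such file: $bin" >&2; return 2; }

    # setuid / setgid bits: code runs with the file owner's privileges
    if [ -u "$bin" ]; then
        echo "setuid: $bin runs as user $(stat -c %U "$bin")"
        boundary=0
    fi
    if [ -g "$bin" ]; then
        echo "setgid: $bin runs with group $(stat -c %G "$bin")"
        boundary=0
    fi

    # Daemon / service check: any live process whose executable is this
    # file and whose /proc entry belongs to a different uid.
    me=$(id -u)
    real=$(readlink -f "$bin")
    for p in /proc/[0-9]*; do
        exe=$(readlink "$p/exe" 2>/dev/null) || continue
        [ "$exe" = "$real" ] || continue
        owner=$(stat -c %u "$p" 2>/dev/null) || continue
        if [ "$owner" != "$me" ]; then
            echo "running as uid $owner (pid ${p#/proc/})"
            boundary=0
        fi
    done
    return $boundary
}

# Example: a plain, non-setuid binary reports no boundary (exit status 1).
# crosses_privilege_boundary /usr/bin/addresses
```

    A return of 1 means the overflow is confined to the user who typed the command, as in the reply above; a return of 0 is the case that warrants a real security investigation.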



    This archive was generated by hypermail 2b30 : Mon Mar 25 2002 - 09:31:27 PST