Hello Apparently this aint no 'security bug' in here. The shell prints out this string to notice user he's quitting job or process while sending a signal with Ctrl + 4 ('^\'), a signal also known as SIGQUIT (signal 3) from man signal: SIGQUIT create core image quit program Oh well yeah under linux it doesnt seem to print anything except while playin' around (talking about bash, the default shell): (nofuture)$ read & [1] 1678 (nofuture)$ kill -QUIT 1678 [1]+ Stopped read (nofuture)$ fg read Quit <-- i let you guess if it means its 'vulnerable'.. (nofuture)$ -- toad wastin' time Still unpatched: - some brains On Fri, 31 May 2002 21:36:55 +0200 Admin <adminat_private> wrote: > Hello all, > in these days I got a strange core dump using the ftp client. > This core dump can only did by using the PUTTY ssh client... > > (Tested with putty 0.52) > > >root@Wayreth[~]: ftp ftp.unina.it > >Connected to ftp.unina.it. > >220 > >Name (ftp.unina.it:root): ^\Quit (core dumped) > >root@Wayreth[~]: > > for do that, just push CTRL+ù when the user is requested... > > Tested system: > -OpenBSD 3.1 > -OpenBSD 3.0 > -OpenBSD 2.9 > -FreeBSD 4.4-RC5 > -FreeBSD 4.5-STABLE > -FreeBSD kalieye 4.6-RC FreeBSD 4.6-RC > -SunOS XXXXX 5.6 Generic_105181-30 sun4u sparc SUNW,Ultra-Enterprise > -SunOS XXXXX 5.6 Generic_105182-30 i86pc i386 i86pc > > Not vulnerable: > -Linux > > This bug haven't any security issue, it's only a client and not with the > +s flag. In these day I haven't the time to check the source code for > see what's is wrong, I will did it in some days... > > Agazzini Maurizio > adminat_private >
This archive was generated by hypermail 2b30 : Sat Jun 01 2002 - 16:30:18 PDT