m64config

From: alex medvedev (alexmat_private)
Date: Mon Jun 17 2002 - 09:37:34 PDT

Next message: Rich Henning: "Re [BUGTRAQ] : ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS"

Previous message: pr0ix: "Re: openbse rumours"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

hallo,

the following happens on solaris sparc 7 and 9, did not test others.
by supplying an invalid resolution ("1" in this case) the suid binary 
generates a bus error. 
i wonder if it is exploitable because i do not see a way of overwriting 
any memory...

# uname -a
SunOS solaris9 5.9 Generic sun4u sparc SUNW,Ultra-5_10
# ls -l /usr/sbin/m64config
-r-sr-xr-x   1 root     bin        28816 Jan 29 12:53 /usr/sbin/m64config
# /usr/sbin/m64config -res 1
m64config: Ambigous value for -res option. Possible values are: 
1024x768x87, 1024x768x60, 1024x768x70, 1024x768x75, 1280x1024x75, 
1024x768x85, 1280x1024x60, 1152x900x66, 1152x900x76, 1280x1024x67, 
1600x1280x76, 1920x1080x72, 1280x800x76, 1440x900x76, 1600x1000x66, 
1600x1000x76, 1920x1200x70, 1280x1024x85, 1280x1024x76, 1152x864x75, 
1600x1200x75, 1600x1200x60, 1024x768x85, 1152, 1280, 1024x768, 1280x1024, 
1152x900, 1600x1280, 1920x1080, 1600x1000, 1920x1200, 1600x1200.

Bus Error - core dumped



-alexm

Next message: Rich Henning: "Re [BUGTRAQ] : ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS"
Previous message: pr0ix: "Re: openbse rumours"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jun 17 2002 - 20:12:31 PDT