Vulnerability Development mailing list archives
Re: core dump on mingetty and getty
From: Sean Davis <dive () endersgame net>
Date: Mon, 3 Dec 2001 14:18:35 -0500
Tried this on NetBSD-current (i386) syntax was: /usr/libexec/getty `perl -e 'print "A" x 9000'` and all I got was a login prompt. looks safe to say that NetBSD does not have this problem. On Mon, Dec 03, 2001 at 01:33:58PM -0500, KF wrote:
Getty is also vuln. Tested on Mandrake 8 and SCO unix 5.0.5 [elguapo@linux elguapo]$ /sbin/mingetty `perl -e 'print "A" x 9000'` Segmentation fault (core dumped) [elguapo@linux elguapo]$ /sbin/getty `perl -e 'print "A" x 9000'` Segmentation fault (core dumped) [elguapo@linux elguapo]$ uname -a Linux linux.ckfr.com 2.4.3-20mdk #1 Sun Apr 15 23:03:10 CEST 2001 i686 unknown [elguapo@linux elguapo]$ cat /etc/redhat-release Linux Mandrake release 8.0 (Traktopel) for i586 # /etc/getty `perl -e 'print "A" x 9000'` Memory fault - core dumped # uname -a SCO_SV unixdev 3.2 5.0.5 i386 root () sco checkfree com #/etc/getty `perl -e 'print "A" x 9000'` Memory fault - core dumped root () sco checkfree com #uname -a SCO_SV sco 3.2 5.0.6 i386 Getty: Program received signal SIGSEGV, Segmentation fault. 0x40058b66 in getenv () from /lib/libc.so.6 (gdb) bt #0 0x40058b66 in getenv () from /lib/libc.so.6 #1 0x400a6bb3 in _IO_file_close_it () from /lib/libc.so.6 #2 0x400ab1f5 in mallopt () from /lib/libc.so.6 #3 0x400a716d in malloc () from /lib/libc.so.6 #4 0x4009998e in fopen () from /lib/libc.so.6 #5 0x0804d029 in send () #6 0x41414141 in ?? () Cannot access memory at address 0x41414141 mingetty: Starting program: /sbin/mingetty `perl -e 'print "A" x 9000'` (no debugging symbols found)... Program received signal SIGSEGV, Segmentation fault. 0x4007bab7 in vfprintf () from /lib/libc.so.6 (gdb) bt #0 0x4007bab7 in vfprintf () from /lib/libc.so.6 #1 0x40097722 in vsprintf () from /lib/libc.so.6 #2 0x08048ec9 in alarm () #3 0x41414141 in ?? () Cannot access memory at address 0x41414141 -KF smackenz wrote:*nix Issue - Anyone with 'mingetty': After all the vi overflows, and wu-ftpd etc recently I thought I would have a sniff around a default redhat 7.1 box too see what I could find. Anyway I managed to dump core on /sbin/mingetty and thought it would be worth reporting: See below for the shell out: [m0le@mainframe m0le]$ /sbin/mingetty `perl -e 'print "A"x9000'` Segmentation fault (core dumped) [m0le@mainframe m0le]$ id uid=500(m0le) gid=500(m0le) groups=500(m0le) (standard user account) This only works by doing this: /sbin/mingetty `perl -e 'print "A"x9000'` when I did the following: [m0le@mainframe m0le]$ cd /sbin [m0le@mainframe /sbin]$ ./mingetty `perl -e 'print "A"x9000'` Segmentation fault [m0le@mainframe /sbin]$ No core dump.... It doesn't seem to dump in the sbin directory, however I've successfully dumped from several other dir's. I am running a RedHat7.1. I would appreciate some feedback from other distros whith mingetty running. Thanks Scott Mackenzie.
-- /~\ The ASCII Sean Davis \ / Ribbon Campaign aka dive-o X Against HTML / \ Email! dive () endersgame net
Current thread:
- Can anyone verify a core dump on /sbin/mingetty smackenz (Dec 03)
- core dump on mingetty and getty KF (Dec 03)
- Re: core dump on mingetty and getty Ryan Yagatich (Dec 03)
- Re: core dump on mingetty and getty Nelson Sampaio Araujo Junior (Dec 03)
- Re: core dump on mingetty and getty G . Cohen (Dec 03)
- Re: core dump on mingetty and getty Ryan Yagatich (Dec 03)
- Re: core dump on mingetty and getty Patrick Patterson (Dec 03)
- Re: core dump on mingetty and getty Sean Davis (Dec 03)
- core dump on mingetty and getty KF (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty Pedro Miller Rabinovitch (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty Chip Mefford (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty J.R. Blain (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty KF (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty Chip Mefford (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping core Bill Weiss (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping - AGETTY too KF (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping core Jeffrey Denton (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping core Matias Sedalo (Dec 04)
- Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping core Przemyslaw Frasunek (Dec 03)