Vulnerability Development mailing list archives
Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping core
From: Matias Sedalo <s0t4ipv6 () shellcode com ar>
Date: Tue, 4 Dec 2001 06:17:53 -0300 (ARST)
agetty is vulnerable on slackware 7.1... mothership:~$ uname -a Linux mothership 2.2.19-stealth #7 Wed Nov 7 06:54:37 ARST 2001 i586 unknown mothership:~$ cat /etc/slackware-version 7.1.0 mothership:~$ ls -l /sbin/agetty -rwxr-xr-x 1 root bin 13844 Jun 27 2000 /sbin/agetty* mothership:~$ id uid=1000(s0t4ipv6) gid=100(users) groups=100(users),7(lp) mothership:~$ /sbin/agetty 38400 `perl -e 'print "A"x8492'` Segmentation fault ________________________ Matias Sedalo : : Key id : 0x1F5345B7 P G P fingerprint : B7A1 B45E 4906 34BD 70A1 55F8 E5A0 BCA2 .................................................................. On Tue, 4 Dec 2001, Bill Weiss wrote:
Scott Mackenzie(smackenz () brad ac uk)@Mon, Dec 03, 2001 at 08:07:50PM +0000:SEE MESSAGE : 'Can anyone verify a core dump on /sbin/mingetty' for the original post The reason why there is no core dump from /sbin is because I didn't have write access - should have noticed that but there you go. Ok, bit more information: This problem is positive in the following systems: * note there could and probably are more but I've only had word of the following systems being tested Red-Hat 6.0 onwards (not tested any before) upto and including 7.2 Mandrake 8.0 2.4.3-20mdksmp (presumably similar to redhat here) turbolinux 6.0 SCO unix 5.0.5 (this information was quickly gathered by several people; thanks everyone)Slackware 7.0 (maybe 8.0) uses agetty, which is not vunerable, as far as I can tell. It just spits out a usage error. -- Bill Weiss
Current thread:
- Re: core dump on mingetty and getty, (continued)
- Re: core dump on mingetty and getty Patrick Patterson (Dec 03)
- Re: core dump on mingetty and getty Sean Davis (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty Pedro Miller Rabinovitch (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty Chip Mefford (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty J.R. Blain (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty KF (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty Chip Mefford (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping core Scott Mackenzie (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping core Bill Weiss (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping - AGETTY too KF (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping core Jeffrey Denton (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping core Matias Sedalo (Dec 04)
- Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping core Przemyslaw Frasunek (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping core Bill Weiss (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty jon schatz (Dec 03)
- Message not available
- Re: Can anyone verify a core dump on /sbin/mingetty jon schatz (Dec 03)
- Message not available