Subject: Re: [ Hackerslab bug_paper ] Linux dump buffer overflow
From: Lamagra Argamal (lamagra HACKERMAIL.NET)
Date: Fri Mar 03 2000 - 13:53:41 CST
- Next message: Kuji: "Pocsag remote access to client can't be disabled."
- Previous message: harikiri: "OpenLinux 2.3: rpm_query"
- Next in thread: Przemyslaw Frasunek: "Re: [ Hackerslab bug_paper ] Linux dump buffer overflow"
- Maybe reply: Lamagra Argamal: "Re: [ Hackerslab bug_paper ] Linux dump buffer overflow"
I checked RedHat's 5.2 dump (dump-0.3) and it doesn't seem vulnerable in an exploitable way.
There's a minor heap-overflow though:
snipped from optr.c
    msg(const char *fmt, ...)
    {
    .......
        va_start(ap, fmt);
    #else
        va_start(ap);
    #endif
        (void) vfprintf(stderr, fmt, ap);
        (void) fflush(stdout);
        (void) fflush(stderr);
        (void) vsprintf(lastmsg, fmt, ap);
        va_end(ap);
    ......
    }
Lastmsg is a global variable, size = 100
-lamagra
http://lamagra.seKure.de
http://www.b0f.com
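
Added example, not part of the original message or of dump's source: a bounded form of the logging pattern quoted above, using vsnprintf so the formatted text can never exceed the 100-byte buffer, and reporting truncation to the caller. The names msg_bounded, demo_long and LASTMSG_SIZE are hypothetical, and the input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LASTMSG_SIZE 100          /* hypothetical name; size as stated in the message */
static char lastmsg[LASTMSG_SIZE];

/* Bounded variant of msg(): returns 1 if the text was truncated to fit
 * lastmsg, 0 if it fit, -1 on a formatting error. */
static int msg_bounded(const char *fmt, ...)
{
    va_list ap, ap2;
    int need;

    va_start(ap, fmt);
    va_copy(ap2, ap);             /* a va_list must not be reused after a v*printf call */
    (void) vfprintf(stderr, fmt, ap);
    (void) fflush(stderr);
    /* vsnprintf writes at most sizeof(lastmsg) bytes, NUL included, and
     * returns the length the complete string would have had. */
    need = vsnprintf(lastmsg, sizeof(lastmsg), fmt, ap2);
    va_end(ap2);
    va_end(ap);

    if (need < 0)
        return -1;
    return (size_t) need >= sizeof(lastmsg);
}

/* Constructed input: one argument far longer than the buffer. */
static int demo_long(void)
{
    char big[300];

    memset(big, 'A', sizeof(big) - 1);
    big[sizeof(big) - 1] = '\0';
    return msg_bounded("cannot open %s\n", big);
}

int main(void)
{
    int truncated = demo_long();

    printf("truncated=%d stored=%zu\n", truncated, strlen(lastmsg));
    return 0;
}
```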