From: Giuseppe Dani (giuseppe.danitin.it)
Date: Sat Nov 10 2001 - 18:41:24 CST


    I can confirm your doubt; I can reproduce it on my machine with a 2.4 kernel.

    rootTRiNiTy:/tmp# touch fuj
    rootTRiNiTy:/tmp# touch ble
    rootTRiNiTy:/tmp# touch chakiery_z_polzki
    rootTRiNiTy:/tmp# seejpeg *

    Segmentation fault

    Here is my system:
    rootTRiNiTy:/tmp# uname -a
    Linux TRiNiTy 2.4.12 #7 SMP Thu Nov 1 18:16:41 CET 2001 i586 unknown
    rootTRiNiTy:/tmp# cat /etc/slackware-version
    8.0.0 (åtta)

    Bye.
    Giuseppe.

    ----- Original Message -----
    From: "Patryk Chmielewski" <argvjaskinia.eu.org>
    To: <vuln-devsecurityfocus.com>
    Sent: Saturday, November 10, 2001 9:35 PM
    Subject: Segfault in seejpeg 1.10

    > I found a bug in seejpeg 1.10 but I think it's not exploitable. Let's see:
    > (my seejpeg doesn't have suid and I'm showing this bug running seejpeg as root)
    >
    >
    > My temporary dir is empty:
    > rootjaskinia:/tmp$ ls
    > rootjaskinia:/tmp$
    >
    > Next we must create some empty files:
    > rootjaskinia:/tmp$ touch fuj
    > rootjaskinia:/tmp$ touch ble
    > rootjaskinia:/tmp$ touch chakiery_z_polzki
    > rootjaskinia:/tmp$
    >
    > And the main part:
    >
    > rootjaskinia:/tmp# seejpeg *
    > [many '\n' :)]
    > Empty input file
    >
    > svgalib: Signal 11: Segmentation fault received.
    > Segmentation fault (core dumped)
    > rootjaskinia:/tmp#
    >
    > My OS:
    > argvjaskinia:~$ uname -a
    > Linux jaskinia 2.2.20 #1 Sat Nov 3 22:18:56 CET 2001 i686 unknown
    > argvjaskinia:~$
    > argvjaskinia:~$ cat /etc/slackware-version
    > 8.0.0 (åtta)
    > argvjaskinia:~$
    >
    > What do you think about this?
    > Can you reproduce this on your machines?
    >
    > --
    > -=[ Patryk Chmielewski -> :: <- argvjaskinia.eu.org ]=-
    > -=[ ****** http://argv.jaskinia.eu.org ****** ]=-
    > -=[ "If you lie to the compiler, it will get its revenge." ]=-