From: Aramis Orlando (aramis@easynet.ro)
Date: Fri Feb 15 2002 - 20:02:53 CST


    ==========================================
    = VI Overflow Tested in RedHat 7.0/7.1/7.2 =
    =----------------------------------------=
    = Author: Andrew Tofan =
    =----------------------------------------=
    = Email: aramis@easynet.ro =
    =----------------------------------------=
    ==========================================


    I've found a problem in vi, which is located in /bin/vi.
    Here are some tests I've made in << VIM version 5.7.8 >>.

    Take a look at my test:

    [root@softly /root]# vi -t "`perl -e 'printf "A"x9000'`"
    [root@softly /root]# gdb vi core
    gdb output:
    ==========

    Program terminated with signal 11, Segmentation fault.
    Reading symbols from /lib/libtermcap.so.2...(no debugging symbols found)...done.
    Loaded symbols for /lib/libtermcap.so.2
    Reading symbols from /lib/libc.so.6...done.
    Loaded symbols for /lib/libc.so.6
    Reading symbols from /lib/ld-linux.so.2...done.
    Loaded symbols for /lib/ld-linux.so.2
    Reading symbols from /lib/libnss_files.so.2...done.
    Loaded symbols for /lib/libnss_files.so.2
    #0  0x80644a7 in strcpy () at ../sysdeps/generic/strcpy.c:31
    31      ../sysdeps/generic/strcpy.c: No such file or directory.

    then take a look at the registers:
    ====================================
    (gdb) info registers
    eax 0x41414141 1094795585
    ecx 0x41414141 1094795585
    edx 0x1 1
    ebx 0x1 1
    esp 0xbfffd1c4 0xbfffd1c4
    ebp 0xbfffd1dc 0xbfffd1dc
    esi 0x41414141 1094795585
    edi 0x0 0
    eip 0x80644a7 0x80644a7
    eflags 0x10206 66054
    cs 0x23 35
    ss 0x2b 43
    ds 0x2b 43
    es 0x2b 43
    fs 0x2b 43
    gs 0x2b 43
    fctrl 0x0 0
    fstat 0x0 0
    ftag 0x0 0
    fiseg 0x0 0
    fioff 0x0 0
    foseg 0x0 0
    fooff 0x0 0
    fop 0x0 0
    I didn't waste my time writing an exploit because of this:
    -rwxr-xr-x 1 root root 361852 Aug 7 2000 /bin/vi

    --==Aramis==--
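The crash above has the classic shape of an argument copied into a fixed-size buffer with no length check. As an added example (not VIM's code and not the poster's), here is that pattern in C next to a bounded version that rejects the 9000-byte argument instead of overrunning the buffer; TAG_MAX and the editor_state structure are assumptions for illustration, since the post gives no buffer layout.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TAG_MAX 64   /* assumed buffer size; the post gives no layout */
struct editor_state { char tag[TAG_MAX]; int tag_set; };

/* Vulnerable pattern: strcpy() trusts the argument's length, so a 9000-byte
 * "-t" value runs past tag[], matching the crash inside strcpy() above. */
void set_tag_unchecked(struct editor_state *st, const char *arg)
{
    strcpy(st->tag, arg);            /* shown for contrast only */
    st->tag_set = 1;
}

/* Hardened form: bounded scan, reject if the tag plus its NUL does not
 * fit, then copy. Returns 0 on success, -1 on rejection (st untouched). */
int set_tag_checked(struct editor_state *st, const char *arg)
{
    size_t len = 0;
    while (len < TAG_MAX && arg[len] != '\0')
        len++;                        /* never reads past TAG_MAX */
    if (len >= TAG_MAX)
        return -1;
    memcpy(st->tag, arg, len + 1);    /* includes the terminator */
    st->tag_set = 1;
    return 0;
}

/* Feeds n bytes of 'A' (the post used n = 9000) to the checked routine
 * and returns its verdict; -2 means the test buffer could not be made. */
int check_tag_length(size_t n)
{
    struct editor_state st = {0};
    char *arg = malloc(n + 1);
    if (!arg)
        return -2;
    memset(arg, 'A', n);
    arg[n] = '\0';
    int rc = set_tag_checked(&st, arg);
    free(arg);
    return rc;
}

int main(void)
{
    printf("%d %d\n", check_tag_length(4), check_tag_length(9000)); /* 0 -1 */
    return 0;
}
```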