[21550] in bugtraq
Re: dip 3.3.7p-overflow
daemon@ATHENA.MIT.EDU (Ron van Daal)
Mon Jul 16 19:58:35 2001
Date: Mon, 16 Jul 2001 21:13:56 +0200 (CEST)
From: Ron van Daal <ronvdaal@syntonic.net>
To: Marcin Marszalek <mmmad@siodemka.p.lodz.pl>
Cc: bugtraq@securityfocus.com
In-Reply-To: <Pine.LNX.4.33.0107101103020.17282-100000@siodemka.p.lodz.pl>
Message-ID: <Pine.LNX.4.21.0107162057210.8086-100000@server.syntonic.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Hi Marcin,
> > After doing a check on my SuSE linux 7.0 x86 i found something interesting:
> >
> > hegi@faust:~ > ls -la /usr/sbin/dip
> > -rwsr-xr-- 1 root dialout 62056 Jul 29 2000 /usr/sbin/dip
> >
> > DIP: Dialup IP Protocol Driver version 3.3.7p-uri (25 Dec 96)
> > Written by Fred N. van Kempen, MicroWalt Corporation.
>
> > (gdb) run -k -l `perl -e 'print "a" x 130 '`
> > Starting program: /usr/sbin/dip -k -l `perl -e 'print "a" x 130 '`
> > DIP: Dialup IP Protocol Driver version 3.3.7p-uri (25 Dec 96)
> > Written by Fred N. van Kempen, MicroWalt Corporation.
> >
> > DIP: cannot open /var/lock/LCK..aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa: Datei oder Verzeichnis nicht gefunden
> >
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x61616161 in ?? ()
>
> The same packet and problem is on SuSe 7.1 and RedHat 6.2. I don't have
> SuSe 7.2 to check.
Does Red Hat 6.2 ship the DIP binary with a suid/sgid bit ?
Red Hat 7.1 installs dip-3.3.7o (which segfaults) with perms 0755
Kind regards,
Ron van Daal
