[21609] in bugtraq
Re: dip 3.3.7p-overflow
daemon@ATHENA.MIT.EDU (Martijn A.)
Wed Jul 18 12:22:12 2001
Date: Tue, 17 Jul 2001 05:38:29 +0200 (CEST)
From: "Martijn A." <root@esd.ath.cx>
To: <bugtraq@securityfocus.com>
Message-ID: <Pine.LNX.4.30.0107170537430.2389-100000@esd.ath.cx>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
>After doing a check on my SuSE linux 7.0 x86 i found >something
>interesting:
>
>hegi@faust:~ > ls -la /usr/sbin/dip
>-rwsr-xr-- 1 root dialout 62056 Jul 29 2000 /usr/sbin/dip
>
>DIP: Dialup IP Protocol Driver version 3.3.7p-uri (25 Dec 96)
>Written by Fred N. van Kempen, MicroWalt Corporation.
>
>(gdb) run -k -l `perl -e 'print "a" x 130 '`
>Starting program: /usr/sbin/dip -k -l `perl -e 'print "a" x 130 '`
>DIP: Dialup IP Protocol Driver version 3.3.7p-uri (25 Dec 96)
>Written by Fred N. van Kempen, MicroWalt Corporation.
>
>DIP: cannot open /var/lock/LCK..aaaa......aaaaaaa: Datei oder >Verzeichnis
>nicht gefunden
>
>Program received signal SIGSEGV, Segmentation fault.
>0x61616161 in ?? ()
>
>The same packet and problem is on SuSe 7.1 and RedHat 6.2. >I don't have
>SuSe 7.2 to check.
SuSE 6.2 and 6.3 are also vulnerable and setuid root. But normal users, just
like on SuSE 7.0, don't have execute permissions on these versions.
Regards,
Martijn A.
