[4563] in bugtraq

Re: Irix buffer overflow in /bin/df

daemon@ATHENA.MIT.EDU (J.A. Gutierrez)
Sat May 24 22:06:40 1997

Date: 	Sat, 24 May 1997 21:44:45 +0200
Reply-To: "J.A. Gutierrez" <spd@GTC1.CPS.UNIZAR.ES>
From: "J.A. Gutierrez" <spd@GTC1.CPS.UNIZAR.ES>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <3096.864484124@maxx> from "David Hedley" at May 24,
              97 03:28:44 pm

> The version of 'df' which comes with Irix 6.2, whilst having the buffer
> overflow problem, is not vulnerable to this exploit as it is compiled as
> a 64bit N32 object

        this is true only for the IRIX64 version of Irix 6.2

>
> The temporary fix: chmod u-s /bin/df


        Another fix: replace Irix 6.2 mips-2 binary with the mips-3
        binary from an IRIX64 box

>
> The exploit code included has been tested on the following:
>
> R3000 Indigo (Irix 5.3)
> R4400 Indy (Irix 5.3)
> R5000 O2 (Irix 6.3)
>

        R4400 Challenge L (IRIX64 Irix 6.2) -> doesn't work
        $ file /sbin/df
        /sbin/df:       ELF N32 MSB mips-3 dynamic executable MIPS - version 1)

        R4600 Indy, Irix 6.2 -> works
        R4400 Indigo 2, Irix 6.2 -> works


--

    .signature intentionally left blank
