[7188] in bugtraq
Re: allocslip
daemon@ATHENA.MIT.EDU (M.C.Mar)
Wed Jul 8 13:12:22 1998
Date: Wed, 8 Jul 1998 15:41:19 +0200
Reply-To: "M.C.Mar" <emsi@it.com.pl>
From: "M.C.Mar" <woloszyn@IT.PL>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.96.980704103528.14826E-100000@freenet.bishkek.su>
On Sat, 4 Jul 1998, CyberPsychotic wrote:
(...)
> Here's how i tested it:
> pakage Dslip, version 2.03
> (sunsite.unc.edu/pub/Linux/system/Network/serial/dslip203.tgz)
> The package is rather old, but I found it being used on some Linux
> machines around.
> gdb allocslip
>
> GDB is free software and you are welcome to distribute copies of it
> under certain conditions; type "show copying" to see the conditions.
> There is absolutely no warranty for GDB; type "show warranty" for details.
> GDB 4.16 (i586-unknown-linux), Copyright 1996 Free Software Foundation,
> Inc... (no debugging symbols found)... (gdb) run b_s `perl -e ' printf
> "A" x 300'` [usual GDB mesages]
> GO! sh: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA: command
> not found
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x41414141 in ?? ()
> (gdb)
>
I downloaded it form
sunsite.unc.edu/pub/Linux/system/network/serial/dslip203.tgz, and it does
not seem to be vulnerable:
emsi:~/hack/dslip/slip/bin> ./allocslip b_s `perl -e ' printf "A" x 300'`
GO!
Or even:
emsi:~/hack/dslip/slip/bin> ./allocslip b_s `perl -e ' printf "A" x 6000'`
GO!
It does NOT segfault (my system is Slackware 3.4 with 2.0.34 Kernel).
So it was fixed or is not vulnerable at all (I tested it on both -
precompiled and compiled myself).
--
___________________________________________________________________________
M.C.Mar An NT server can be run by an idiot, and usually is. emsi@it.pl
"If you can't make it good, make it LOOK good." - Bill Gates
Moze to nie miejsce, ale tak np. programy M$ to swoiste pomniki glupoty.
