[18530] in bugtraq
Re: major security bug in reiserfs (may affect SuSE Linux)
daemon@ATHENA.MIT.EDU (Gigi Sullivan)
Wed Jan 10 16:25:58 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-Id: <20010110212859.A243@armageddon.tin.it>
Date: Wed, 10 Jan 2001 21:28:59 +0100
Reply-To: Gigi Sullivan <sullivan@SIKUREZZA.ORG>
From: Gigi Sullivan <sullivan@SIKUREZZA.ORG>
X-To: Marc Lehmann <pcg@GOOF.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010110004201.A308@cerebro.laendle>; from pcg@GOOF.COM on Wed,
Jan 10, 2001 at 12:42:01AM +0100
Aiee :)
Hello!
On Wed, Jan 10, 2001 at 12:42:01AM +0100, Marc Lehmann wrote:
> Since a kernel oops results (see below), this indicates a buffer overrun
> (the kernel jumps to address 78787878, which is "xxxx") inside the kernel,
AFAIK this won't _always_ indicate a buffer overrun in kernel land.
Just think about a dereferenced NULL pointer, for example.
[snip]
> Unable to handle kernel paging request at virtual address 78787878
> current->tss.cr3 = 0d074000, %cr3 = 0d074000
> *pde = 00000000
> Oops: 0002
> CPU: 0
> EIP: 0010:[<c013f875>]
> EFLAGS: 00010282
> eax: 00000000 ebx: bfffe78c ecx: 00000000 edx: bfffe78c
> esi: ccbddd62 edi: 78787878 ebp: 00000300 esp: ccbddd3c
> ds: 0018 es: 0018 ss: 0018
> Process bash (pid: 292, process nr: 54, stackpage=ccbdd000)
> Stack: c013f66a ccbddf6c cd100000 ccbddd62 0000030c c0136d49 00000700 00002013
> 00001000 7878030c 78787878 78787878 78787878 78787878 78787878 78787878
> 78787878 78787878 78787878 78787878 78787878 78787878 78787878 78787878
> Call Trace: [<c013f66a>] [<c0136d49>]
> Code: 89 1f 8b 44 24 18 29 47 08 31 c0 5b 5e 5f 5d 81 c4 2c 01 00
Unfortunately, Oops messages aren't useful if not decoded, using
ksymoops for example.
That said, an Oops shouldn't be good, so issues may be present.
Try it out and let us know, please :)
> --
> -----==- |
> ----==-- _ |
> ---==---(_)__ __ ____ __ Marc Lehmann +--
> --==---/ / _ \/ // /\ \/ / pcg@opengroup.org |e|
> -=====/_/_//_/\_,_/ /_/\_\ XX11-RIPE --+
> The choice of a GNU generation |
bye bye
-- gg sullivan
--
Lorenzo Cavallaro `Gigi Sullivan' <sullivan@sikurezza.org>
LibRNet Project Home Page: http://www.sikurezza.org/sullivan
LibRNet Mailing List: librnet-subscribe@egroups.com
Until I loved, life had no beauty;
I did not know I lived until I had loved. (Theodor Korner)
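
A first-pass triage of the quoted Oops, as an added example that is not part of the original message: it separates the NULL-dereference case from a fault address made of printable ASCII and counts where that value recurs in registers and stack. `triage` and `SAMPLE_OOPS` are hypothetical names, the sample is constructed from the lines quoted above, and symbol resolution still needs ksymoops.

```python
import re

# Constructed sample: a subset of the Oops lines quoted in the message above.
SAMPLE_OOPS = """\
Unable to handle kernel paging request at virtual address 78787878
Oops: 0002
eax: 00000000 ebx: bfffe78c ecx: 00000000 edx: bfffe78c
esi: ccbddd62 edi: 78787878 ebp: 00000300 esp: ccbddd3c
Stack: c013f66a ccbddf6c cd100000 ccbddd62 0000030c c0136d49 00000700 00002013
00001000 7878030c 78787878 78787878 78787878 78787878 78787878 78787878
Call Trace: [<c013f66a>] [<c0136d49>]
"""

PAGE_SIZE = 0x1000  # i386 page size; a fault below it is treated as a NULL dereference

def as_ascii(word):
    """Return a 32-bit value's bytes as text if all four are printable ASCII, else None."""
    raw = word.to_bytes(4, "little")
    return raw.decode("ascii") if all(0x20 <= b < 0x7F for b in raw) else None

def triage(oops):
    """First-pass classification of an undecoded i386 Oops (hypothetical helper)."""
    fault = int(re.search(r"virtual address ([0-9a-f]{8})", oops).group(1), 16)
    err = int(re.search(r"Oops: ([0-9a-f]{4})", oops).group(1), 16)
    regs = {n: int(v, 16) for n, v in re.findall(r"\b(e[a-z]{2}): ([0-9a-f]{8})", oops)}
    m = re.search(r"Stack:(.*?)(?:Call Trace:|$)", oops, re.S)
    stack = [int(w, 16) for w in re.findall(r"\b[0-9a-f]{8}\b", m.group(1) if m else "")]
    if fault < PAGE_SIZE:
        kind = "null-deref"        # the case raised in the reply
    elif as_ascii(fault):
        kind = "ascii-pattern"     # pointer value looks like string data
    else:
        kind = "other"
    return {
        "fault": fault, "kind": kind, "ascii": as_ascii(fault),
        # i386 page-fault error code: bit 0 protection fault, bit 1 write, bit 2 user mode
        "page_present": bool(err & 1), "write": bool(err & 2), "kernel_mode": not err & 4,
        "regs_with_fault": [n for n, v in regs.items() if v == fault],
        "stack_hits": stack.count(fault), "stack_words": len(stack),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_OOPS).items():
        print(f"{key}: {value:#010x}" if key == "fault" else f"{key}: {value}")
```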