Re: [Full-disclosure] Can executable file(can't read) still be coredumped in solaris ?
From: alert7 (alert7_at_xfocus.org)
Date: 09/13/05
- Previous message: h4cky0u: "[Full-disclosure] Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability (Updated)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 13 Sep 2005 22:29:29 +0800 To: full-disclosure@lists.grok.org.uk
hi all
I also tested succeed on solaris 9 which patched lastest patch.(Kernel version: SunOS 5.9 Generic 118558-02 Jan 2005).
It coredumped a executable file which can NOT be read.i think this is a vulnerability.
> hi ,dear friends:
>
> I have tested succeed on solaris 8
> Executable file(can't read) can be coredumped .
> Bug I don't know whether it is still exist or not.
>
>
> [alert7@Solaris8 solaris]$ uname -a
> SunOS Solaris8 5.8 Generic_108528-29 sun4u sparc SUNW,Ultra-5_10
>
> COREDUMP enable
> example
>
> [alert7@Solaris8 alert7]$ ls -la test
> --wx--x--x 1 root pubcvs 6344 Aug 16 11:27 test
> [alert7@Solaris8 alert7]$ id
> uid=108(alert7) gid=102(pubcvs)
>
> [alert7@Solaris8 alert7]$ ps -ef|grep test
> alert7 440 380 0 13:59:02 pts/2 0:00 ./test ff
> [alert7@Solaris8 alert7]$ kill -4 440
> [alert7@Solaris8 alert7]$ ./test ff
> Illegal Instruction (core dumped)
>
> [alert7@Solaris8 alert7]$ ls -la core
> -rw------- 1 alert7 pubcvs 72192 Aug 17 13:59 core
> [alert7@Solaris8 alert7]$ gdb -q -c core
> Core was generated by `./test ff'.
> Program terminated with signal 4, Illegal instruction.
> #0 0xff31b788 in ?? ()
>
> SIGQUIT
> SIGILL
> SIGTRAP
> SIGIOT
> SIGEMT
> SIGFPE
> SIGBUS
> SIGSEGV
> SIGSYS
> SIGXCPU
> SIGXFSZ
>
> these above signal also can cause process coredump if process not set signal handler
>
>
>
-- Best Regards alert7@xfocus.org XFOCUS Security Team http://www.xfocus.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
- Previous message: h4cky0u: "[Full-disclosure] Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability (Updated)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
