uugetty mgetty also...

From: KF (dotslash@snosoft.com)
Date: 12/04/01


Date: Mon, 03 Dec 2001 18:09:21 -0500
From: KF <dotslash@snosoft.com>
To: vuln-dev@security-focus.com

Ok this is about down to shits and giggles... I would assume about
anything with getty in its name COULD have the same issue... how this is
abused... who knows at the moment... But these also suffer from the
command line overflow.

[root@linux elguapo]# uugetty `perl -e 'print "A"x 9000'`
Segmentation fault (core dumped)

[root@linux elguapo]# mgetty `perl -e 'print "A"x 9000'`
Segmentation fault (core dumped)

-KF

KF wrote:
>
> Why do we care... because I am joe schmoe_cant_code_a_lick_of_c and I
> make retarded mistakes in my code. (Stupid examples follow).
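> #include <stdio.h>
> #include <unistd.h>
> /* wrapper that raises its ids and hands the caller's argument to getty */
> int main(int argc, char **argv)
> {
>     char *runme[2];
>     setuid(0);
>     setgid(0);
>     runme[0] = argv[1]; /* unchecked user string becomes getty's argv[0] */
>     runme[1] = 0;
>     execve("/sbin/getty", runme, 0);
>     return 1; /* only reached if execve fails */
> }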
>
> For that matter...m4 is a userland non-privileged level program ... yet
> it led to a man exploit.
> Flames > /dev/null ... comments welcome.
>
> -KF
>
> fish stiqz wrote:
> >
> > My question.. why do we care if a userland non-privileged program has
> > a trivial buffer overflow vulnerability? This seems like a complete
> > waste of time. Who cares???!?!?!
> >
> > --
> > fish stiqz <fish@synnergy.net>
> > Synnergy Networks: http://www.synnergy.net/
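
Added example, not part of the original thread or of any getty package: a hardened form of the wrapper KF sketches, which checks the argument before it reaches the privileged program instead of passing `argv[1]` through unchecked. The 32-byte cap, the allowed character set, the fixed environment and the helper names `tty_arg_ok` and `build_getty_argv` are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_TTY_ARG 32 /* assumed cap; a tty name is far shorter than 9000 bytes */

/* Return 1 only for a short argument made of [A-Za-z0-9/_] that is not an option. */
int tty_arg_ok(const char *arg)
{
    size_t n;

    if (arg == NULL || arg[0] == '\0' || arg[0] == '-')
        return 0;
    for (n = 0; arg[n] != '\0'; n++) {
        unsigned char c = (unsigned char)arg[n];
        if (n >= MAX_TTY_ARG)            /* stop reading at the cap */
            return 0;
        if (!isalnum(c) && c != '/' && c != '_')
            return 0;
    }
    return 1;
}

/* Fill out[] with a fixed argv[0] plus the validated argument; -1 on rejection. */
int build_getty_argv(int argc, char **argv, char *out[3])
{
    if (argc != 2 || !tty_arg_ok(argv[1]))
        return -1;
    out[0] = "getty";   /* argv[0] is chosen by the wrapper, not by the caller */
    out[1] = argv[1];
    out[2] = NULL;
    return 0;
}

int main(int argc, char **argv)
{
    char *args[3];
    char *envp[] = { "PATH=/sbin:/bin", NULL }; /* fixed, minimal environment */

    if (build_getty_argv(argc, argv, args) != 0) {
        fprintf(stderr, "usage: wrapper <tty>\n");
        return 2;
    }
    execve("/sbin/getty", args, envp);
    perror("execve");   /* only reached if execve fails */
    return 1;
}
```

This bounds what the wrapper forwards; the overflow in the getty binaries themselves still needs its own fix.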