Re: /usr/bin/addresses seg fault
From: Sebastian Krahmer (krahmer@suse.de)
Date: 03/25/02
- Previous message: Replugge [ROD]: "Re: Buffer overflow in awk"
- In reply to: Blue R: "/usr/bin/addresses seg fault"
Date: Mon, 25 Mar 2002 14:55:39 +0100 (CET)
From: Sebastian Krahmer <krahmer@suse.de>
To: Blue R <blue@campus.ie>
On Fri, 22 Mar 2002, Blue R wrote:
Hi,
-rwxr-xr-x 1 root root 8232 Sep 20 2001 /usr/bin/addresses
/usr/bin/addresses binary belongs to the pilot-link package but it is
neither +s nor does it run as daemon. So even if there is
an overflow inside it is of no use for attackers.
regards,
Sebastian
> Hi,
> I am using 2.4.10 and SuSE 7.1, the binary 'addresses' does not give much information with no version options or man page etc. But it has the following behaviour:
>
> r@blue:~ > addresses
> usage:addresses /dev/cua??
>
> r@blue:~ >addresses `perl -e 'print "A" x 131'`
> pi_bind: No such file or directory
>
> r@blue:~ >addresses `perl -e 'print "A" x 132'`
> Segmentation fault
>
> r@blue:~ >gdb ./addresses
> GNU gdb 5.0
> Copyright 2000 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "i386-suse-linux"...(no debugging symbols found)...
> (gdb) set args `perl -e 'print "A" x 132'`
> (gdb) r
> Starting program: /home/r/AUDIT/TEST/./addresses `perl -e 'print "A" x 132'`
> (no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
> Program received signal SIGSEGV, Segmentation fault.
> 0x400afdbb in getenv () from /lib/libc.so.6
> (gdb) info reg
> eax 0xbf004141 -1090502335
> ecx 0x8049ff0 134520816
> edx 0x4950 18768
> ebx 0x40198828 1075415080
> esp 0xbffeee94 0xbffeee94
> ebp 0xbffeeebc 0xbffeeebc
> esi 0xbffff500 -1073744640
> edi 0x4002a622 1073915426
> eip 0x400afdbb 0x400afdbb
> eflags 0x210286 2163334
> cs 0x23 35
> ss 0x2b 43
> ds 0x2b 43
> es 0x2b 43
> fs 0x0 0
> gs 0x0 0
> fctrl 0x37f 895
> fstat 0x0 0
> ftag 0xffff 65535
> fiseg 0x23 35
> fioff 0x4086106b 1082527851
> foseg 0x2b 43
> fooff 0xbfffec18 -1073746920
> fop 0x518 1304
>
> Regards,
> B.
>
>
>
--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@suse.de - SuSE Security Team
~
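The "+s" half of the triage in the reply above, as an added example that is not part of the original thread: a shell function that reports whether a binary carries setuid or setgid bits, which is what decides whether a local crash like this one crosses a privilege boundary. The function name `priv_boundary` is hypothetical, the file-capability check goes beyond what the 2002 thread covers, and the "runs as daemon" criterion is not checked here.

```shell
#!/bin/sh
# Added example, not code from the thread or from pilot-link.
# Classifies a binary by the "+s" criterion used in the reply above.

# priv_boundary PATH
# Prints "missing", "none", or "<kind> uid=N gid=N" where <kind> is
# setuid, setgid, setuid+setgid or fcaps.
priv_boundary() {
    f=$1
    [ -f "$f" ] || { echo "missing"; return 0; }

    # Numeric owner and group, so the result does not depend on passwd lookups.
    ids=$(ls -ldn -- "$f" | awk '{print "uid=" $3 " gid=" $4}')

    kind=none
    if [ -u "$f" ]; then kind=setuid; fi
    if [ -g "$f" ]; then
        if [ "$kind" = setuid ]; then kind=setuid+setgid; else kind=setgid; fi
    fi

    # File capabilities are a later mechanism than this thread; they are
    # checked only when the getcap tool is installed.
    if [ "$kind" = none ] && command -v getcap >/dev/null 2>&1; then
        if [ -n "$(getcap "$f" 2>/dev/null)" ]; then kind=fcaps; fi
    fi

    if [ "$kind" = none ]; then
        echo "none"
    else
        echo "$kind $ids"
    fi
}

# Stand-alone use: classify every path given on the command line.
for p in "$@"; do
    printf '%s: %s\n' "$p" "$(priv_boundary "$p")"
done
```

A result of `none` matches the case described in the reply: the process runs with the caller's own privileges, so a crash on an argument the caller supplies gains nothing.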