[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] *BSD banner INT overflow vulnerability
- To: Sean Comeau <scomeau@xxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] *BSD banner INT overflow vulnerability
- From: "J.A. Terranson" <measl@xxxxxxx>
- Date: Sun, 26 Nov 2006 01:21:50 -0600 (CST)
On Wed, 22 Nov 2006, Sean Comeau wrote:
> On Wed, Nov 22, 2006 at 12:25:46PM +0300, dead code crew wrote:
> >
> > %uname -sir
> > FreeBSD 6.1-RELEASE GENERIC
> > %gdb banner
> > (gdb) r -w 17000000
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x01010101 in ?? ()
> >
>
> This doesn't crash banner on OpenBSD,
FreeBSD 4.10R doesn't give a shit either.
> and even if it did who cares? What would anyone accomplish by making
> this setuid root?
-bash-2.05b$ ls -al /usr/bin/banner
-r-xr-xr-x 1 root wheel 16136 May 25 2004 /usr/bin/banner
Good question.
--
Yours,
J.A. Terranson
sysadmin@xxxxxxx
0xBD4A95BF
"Surely the larger lesson learned from that day is that other men, all
over the world, took inspiration not from the heroism of the rescuers in
New York or the passengers flying over Pennsylvania, but from the 19
hijackers - the twisted brilliance of their scheme and their willingness
to sacrifice their lives to make a political and, as they saw it,
religious statement."
Richard Corliss/Time Magazine
11 Aug 2006
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/