lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 11 Oct 2010 11:07:37 +0800
From: watercloud watercloud <watercloud@...cus.org>
To: bugtraq@...urityfocus.com
Subject: ubuntu 10.04 xterm heap overflow,can it be exploit ?

Hi,all !
I find xterm on ubuntu 10.04 have a local heap overflow,
I don't known  that can it be exploit on glibc 2.11 .


detail :

watercloud@...ntu:~/Downloads$ ls -l `which xterm`
-rwxr-sr-x 1 root utmp 354444 2010-03-31 17:47 /usr/bin/xterm

watercloud@...ntu:~/Downloads$ xterm -fb `perl -e 'print "A"x4000'`
*** glibc detected *** xterm: munmap_chunk(): invalid pointer: 0x080bd314 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(+0x6b591)[0x243591]
/lib/tls/i686/cmov/libc.so.6(+0x6c80e)[0x24480e]
xterm[0x8062c70]
xterm[0x8064b34]
xterm[0x805515d]
/usr/lib/libXt.so.6(+0x23e30)[0x4a2e30]
/usr/lib/libXt.so.6(+0x23fb5)[0x4a2fb5]
/usr/lib/libXt.so.6(XtRealizeWidget+0x9d)[0x4a325d]
xterm[0x8058176]
xterm[0x8069a08]
xterm[0x806bf78]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0x1eebd6]
xterm[0x804d6a1]
======= Memory map: ========
00110000-0012b000 r-xp 00000000 08:01 147        /lib/ld-2.11.1.so
0012b000-0012c000 r--p 0001a000 08:01 147        /lib/ld-2.11.1.so
0012c000-0012d000 rw-p 0001b000 08:01 147        /lib/ld-2.11.1.so
0012d000-0012e000 r-xp 00000000 00:00 0          [vdso]
0012e000-00140000 r-xp 00000000 08:01 4191       /usr/lib/libXft.so.2.1.13
00140000-00141000 r--p 00011000 08:01 4191       /usr/lib/libXft.so.2.1.13
00141000-00142000 rw-p 00012000 08:01 4191       /usr/lib/libXft.so.2.1.13
00142000-00198000 r-xp 00000000 08:01 2715       /usr/lib/libXaw7.so.7.0.0
00198000-00199000 r--p 00055000 08:01 2715       /usr/lib/libXaw7.so.7.0.0
00199000-0019f000 rw-p 00056000 08:01 2715       /usr/lib/libXaw7.so.7.0.0
0019f000-001a0000 rw-p 00000000 00:00 0
001a0000-001d4000 r-xp 00000000 08:01 4408       /lib/libncurses.so.5.7
001d4000-001d5000 ---p 00034000 08:01 4408       /lib/libncurses.so.5.7
001d5000-001d7000 r--p 00034000 08:01 4408       /lib/libncurses.so.5.7
001d7000-001d8000 rw-p 00036000 08:01 4408       /lib/libncurses.so.5.7
001d8000-0032b000 r-xp 00000000 08:01 1050745
/lib/tls/i686/cmov/libc-2.11.1.so
0032b000-0032c000 ---p 00153000 08:01 1050745
/lib/tls/i686/cmov/libc-2.11.1.so
0032c000-0032e000 r--p 00153000 08:01 1050745
/lib/tls/i686/cmov/libc-2.11.1.so
0032e000-0032f000 rw-p 00155000 08:01 1050745
/lib/tls/i686/cmov/libc-2.11.1.so
0032f000-00332000 rw-p 00000000 00:00 0
00332000-00360000 r-xp 00000000 08:01 850        /usr/lib/libfontconfig.so.1.4.4
00360000-00361000 r--p 0002d000 08:01 850        /usr/lib/libfontconfig.so.1.4.4
00361000-00362000 rw-p 0002e000 08:01 850        /usr/lib/libfontconfig.so.1.4.4
00362000-0047b000 r-xp 00000000 08:01 4046       /usr/lib/libX11.so.6.3.0
0047b000-0047c000 r--p 00118000 08:01 4046       /usr/lib/libX11.so.6.3.0
0047c000-0047e000 rw-p 00119000 08:01 4046       /usr/lib/libX11.so.6.3.0
0047e000-0047f000 rw-p 00000000 00:00 0
0047f000-004ce000 r-xp 00000000 08:01 3718       /usr/lib/libXt.so.6.0.0
004ce000-004cf000 r--p 0004e000 08:01 3718       /usr/lib/libXt.so.6.0.0
004cf000-004d2000 rw-p 0004f000 08:01 3718       /usr/lib/libXt.so.6.0.0
004d2000-004e7000 r-xp 00000000 08:01 2723       /usr/lib/libXmu.so.6.2.0
004e7000-004e8000 r--p 00014000 08:01 2723       /usr/lib/libXmu.so.6.2.0
004e8000-004e9000 rw-p 00015000 08:01 2723       /usr/lib/libXmu.so.6.2.0
004e9000-004fe000 r-xp 00000000 08:01 4016       /usr/lib/libICE.so.6.3.0
004fe000-004ff000 r--p 00014000 08:01 4016       /usr/lib/libICE.so.6.3.0
004ff000-00500000 rw-p 00015000 08:01 4016       /usr/lib/libICE.so.6.3.0
00500000-00502000 rw-p 00000000 00:00 0
00502000-00573000 r-xp 00000000 08:01 2033       /usr/lib/libfreetype.so.6.3.22
00573000-00577000 r--p 00070000 08:01 2033       /usr/lib/libfreetype.so.6.3.22
00577000-00578000 rw-p 00074000 08:01 2033       /usr/lib/libfreetype.so.6.3.22
00578000-00580000 r-xp 00000000 08:01 4050       /usr/lib/libXrender.so.1.3.0
00580000-00581000 r--p 00007000 08:01 4050       /usr/lib/libXrender.so.1.3.0
00581000-00582000 rw-p 00008000 08:01 4050       /usr/lib/libXrender.so.1.3.0
00582000-00590000 r-xp 00000000 08:01 4091       /usr/lib/libXext.so.6.4.0
00590000-00591000 r--p 0000d000 08:01 4091       /usr/lib/libXext.so.6.4.0
00591000-00592000 rw-p 0000e000 08:01 4091       /usr/lib/libXext.so.6.4.0
00592000-005a1000 r-xp 00000000 08:01 2709       /usr/lib/libXpm.so.4.11.0
005a1000-005a2000 r--p 0000e000 08:01 2709       /usr/lib/libXpm.so.4.11.0
005a2000-005a3000 rw-p 0000f000 08:01 2709       /usr/lib/libXpm.so.4.11.0
005a3000-005a5000 r-xp 00000000 08:01 1053685
/lib/tls/i686/cmov/libdl-2.11.1.so
005a5000-005a6000 r--p 00001000 08:01 1053685
/lib/tls/i686/cmov/libdl-2.11.1.so
005a6000-005a7000 rw-p 00002000 08:01 1053685
/lib/tls/i686/cmov/libdl-2.11.1.so
005a7000-005ba000 r-xp 00000000 08:01 4125       /lib/libz.so.1.2.3.3
005ba000-005bb000 r--p 00012000 08:01 4125       /lib/libz.so.1.2.3.3
005bb000-005bc000 rw-p 00013000 08:01 4125       /lib/libz.so.1.2.3.3
005bc000-005e0000 r-xp 00000000 08:01 90         /lib/libexpat.so.1.5.2
005e0000-005e2000 r--p 00024000 08:01 90         /lib/libexpat.so.1.5.2
005e2000-005e3000 rw-p 00026000 08:01 90         /lib/libexpat.so.1.5.2
005e3000-005fb000 r-xp 00000000 08:01 4032       /usr/lib/libxcb.so.1.1.0
005fb000-005fc000 r--p 00017000 08:01 4032       /usr/lib/libxcb.so.1.1.0
005fc000-005fd000 rw-p 00018000 08:01 4032       /usr/lib/libxcb.so.1.1.0
005fd000-00604000 r-xp 00000000 08:01 44         /usr/lib/libSM.so.6.0.1
00604000-00605000 r--p 00006000 08:01 44         /usr/lib/libSM.so.6.0.1
00605000-00606000 rw-p 00007000 08:01 44         /usr/lib/libSM.so.6.0.1
00606000-00608000 r-xp 00000000 08:01 2195       /usr/lib/libXau.so.6.0.0
00608000-00609000 r--p 00001000 08:01 2195       /usr/lib/libXau.so.6.0.0
00609000-0060a000 rw-p 00002000 08:01 2195       /usr/lib/libXau.so.6.0.0
0060a000-0060e000 r-xp 00000000 08:01 3970       /usr/lib/libXdmcp.so.6.0.0
0060e000-0060f000 r--p 00003000 08:01 3970       /usr/lib/libXdmcp.so.6.0.0
0060f000-00610000 rw-p 00004000 08:01 3970       /usr/lib/libXdmcp.so.6.0.0
00610000-00613000 r-xp 00000000 08:01 811        /lib/libuuid.so.1.3.0
00613000-00614000 r--p 00002000 08:01 811        /lib/libuuid.so.1.3.0
00614000-00615000 rw-p 00003000 08:01 811        /lib/libuuid.so.1.3.0
00615000-0061d000 r-xp 00000000 08:01 3644       /usr/lib/libXcursor.so.1.0.2
0061d000-0061e000 r--p 00007000 08:01 3644       /usr/lib/libXcursor.so.1.0.2
0061e000-0061f000 rw-p 00008000 08:01 3644       /usr/lib/libXcursor.so.1.0.2
0061f000-00623000 r-xp 00000000 08:01 4112       /usr/lib/libXfixes.so.3.1.0
00623000-00624000 r--p 00003000 08:01 4112       /usr/lib/libXfixes.so.3.1.0
00624000-00625000 rw-p 00004000 08:01 4112       /usr/lib/libXfixes.so.3.1.0
00625000-00642000 r-xp 00000000 08:01 1463       /lib/libgcc_s.so.1
00642000-00643000 r--p 0001c000 08:01 1463       /lib/libgcc_s.so.1
00643000-00644000 rw-p 0001d000 08:01 1463       /lib/libgcc_s.so.1
08048000-08099000 r-xp 00000000 08:01 2848       /usr/bin/xterm
08099000-0809a000 r--p 00050000 08:01 2848       /usr/bin/xterm
0809a000-080a0000 rw-p 00051000 08:01 2848       /usr/bin/xterm
080a0000-080e5000 rw-p 00000000 00:00 0          [heap]
b7e4c000-b7e8b000 r--p 00000000 08:01 393224
/usr/lib/locale/zh_CN.utf8/LC_CTYPE
b7e8b000-b7fdd000 r--p 00000000 08:01 393276
/usr/lib/locale/zh_CN.utf8/LC_COLLATE

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ