Hi,
Confirmed this on SuSE 6.2. The magic number of bytes is 347. Dump is
not su/gid so this seems to be more of an annoyance than a security
issue for SuSE boxen (not sure of others).
-HD
"����� KimYongJun (99����)" wrote:
>
> [ Hackerslab bug_paper ] Linux dump buffer overflow
>
> File : /sbin/dump
>
> SYSTEM : Linux
>
> INFO :
>
> The problem occurs when it gets the argument.
> It accepts the argument without checking out its length, and this causes the problem.
>
> It seems that this vulnerability also applies to RedHat Linux 6.2beta,
> the latest version.
>
> [loveyou@loveyou SOURCES]$ dump -f a `perl -e 'print "x" x 556'`
> DUMP: Date of this level 0 dump: Mon Feb 28 14:45:01 2000
> DUMP: Date of last level dump: the epoch
> DUMP: Dumping
>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> to a
>
>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:
> ���� �̸��� �ʹ� ��ϴ� while opening filesystem
> DUMP: SIGSEGV: ABORTING!
> Segmentation fault
>
> [loveyou@loveyou SOURCES]$ dump -f a `perl -e 'print "loveyou" x 556'`
> DUMP: SIGSEGV: ABORTING!
> Segmentation fault <= occur ctime4()
>
