
oss-00001.txt

Posted Dec 21, 2002
Authored by Burn-X | Site opensourcesecurity.com

Pine v4.44 contains a local buffer overflow in the -x command line option.

tags | advisory, overflow, local
SHA-256 | 1ef3e1c8a908d842ce87bbcf654b3e3ef0f8778d1b327a332d6955a77aa0658f

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Open Source Security
http://www.opensourcesecurity.com
11-2002 Bug Advisory
Author: BuRn-X
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Application: Pine
Version: 4.44 (Higher?)
Type: Local

Description:

Well, there appears to be an exploitable bug in version 4.44 of the mail
client Pine. Although this application does not seem to be suid on any
Linux distribution, it is still important to obtain fixes and updates for
this bug. The bug exists in the application argument for the pine
configuration file. The application immediately hits a segmentation fault
and crashes.

Demonstration:

root@darkstar:~# gdb /usr/bin/pine
GNU gdb 5.2
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-slackware-linux"...
(no debugging symbols found)...
(gdb) r -x %n
Starting program: /usr/bin/pine -x %n
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x40243200 in _IO_vfprintf (s=0x8398230,
format=0x8396de0 "\n -- init_pinerc --\n\nGlobal config
\"/usr/lib/pine/pine.conf\" is default\nPersonal config \"/root/.pinerc\"
is default\nExceptions config \"%n\" comes from command line\n\n Global
config: /usr/lib/pine/pi"..., ap=0xbfffe7e0) at vfprintf.c:1474
1474 vfprintf.c: No such file or directory.
in vfprintf.c
(gdb) info reg
eax 0x80c0adc 135006940
ecx 0xbfffe7e0 -1073748000
edx 0x8398230 137986608
ebx 0x40314e58 1076973144
esp 0xbfffe194 0xbfffe194
ebp 0xbfffe79c 0xbfffe79c
esi 0x86 134
edi 0x8396de0 137981408
eip 0x40243200 0x40243200
eflags 0x10292 66194
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x23 35
fioff 0x4004a312 1074045714
foseg 0x2b 43
fooff 0xbffff4ec -1073744660
---Type <return> to continue, or q <return> to quit---
fop 0x39d 925
xmm0 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
xmm1 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
xmm2 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
xmm3 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
xmm4 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
xmm5 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
xmm6 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
xmm7 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
mxcsr 0x1f80 8064
orig_eax 0xffffffff -1
(gdb) bt
#0 0x40243200 in _IO_vfprintf (s=0x8398230,
format=0x8396de0 "\n -- init_pinerc --\n\nGlobal config
\"/usr/lib/pine/pine.conf\" is default\nPersonal config \"/root/.pinerc\"
is default\nExceptions config \"%n\" comes from command line\n\n Global
config: /usr/lib/pine/pi"..., ap=0xbfffe7e0) at vfprintf.c:1474
#1 0x4024b90a in fprintf (stream=0x8398230,
format=0x8396de0 "\n -- init_pinerc --\n\nGlobal config
\"/usr/lib/pine/pine.conf\" is default\nPersonal config \"/root/.pinerc\"
is default\nExceptions config \"%n\" comes from command line\n\n Global
config: /usr/lib/pine/pi"...) at fprintf.c:32
#2 0x081504b9 in strcpy () at ../sysdeps/generic/strcpy.c:31
#3 0x4021017d in __libc_start_main (main=0x814fcd0 <strcpy+1066188>,
argc=3,
ubp_av=0xbffff914, init=0x804aa1c <_init>, fini=0x8218c10 <_fini>,
rtld_fini=0x4000a534 <_dl_fini>, stack_end=0xbffff90c)
at ../sysdeps/generic/libc-start.c:129


Final Analysis:

;)~
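
Added example, not part of the original advisory and not Pine source code: in the backtrace above, the value given to -x ("%n") is already inside the format string that reaches fprintf(), so vfprintf() parses it as a conversion. The C sketch below shows that pattern beside a hardened form; the function names and the shortened message are assumptions made for illustration.

```c
/* Added example, not Pine source. Names and the shortened message are
 * hypothetical, modelled on the format string shown in the backtrace. */
#include <stdio.h>
#include <string.h>

#define MSG_FMT "Exceptions config \"%s\" comes from command line\n"

/* Count printf conversions in s; "%%" is a literal percent, not a conversion. */
static int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

/* Hardened: constant format, untrusted path only ever passed as an argument. */
static int log_config_safe(char *dst, size_t len, const char *exc_path)
{
    return snprintf(dst, len, MSG_FMT, exc_path);
}

/* Conversions vfprintf() would act on if the assembled text were reused as a format. */
static int conversions_if_reused_as_format(const char *exc_path)
{
    char msg[512];
    log_config_safe(msg, sizeof msg, exc_path);
    return count_conversions(msg);
}

#ifdef SHOW_VULNERABLE   /* shown for contrast; not compiled by default */
static void log_config_unsafe(FILE *out, const char *exc_path)
{
    char msg[512];
    snprintf(msg, sizeof msg, MSG_FMT, exc_path);
    fprintf(out, msg);   /* msg is parsed a second time: "%n" becomes a store */
}
#endif

int main(void)
{
    char buf[256];
    log_config_safe(buf, sizeof buf, "%n");   /* value given to -x in the advisory */
    fputs(buf, stdout);
    printf("conversions if reused as format: %d\n", conversions_if_reused_as_format("%n"));
    return 0;
}
```

Building with -Wformat -Wformat-security makes the compiler flag the fprintf(out, msg) call in the unsafe form.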