[crit3rion at gmail.com: arp buffer overflow]

Bernd Eckenfels be-mail2008 at lina.inka.de
Wed Dec 10 22:41:40 UTC 2008


Hello,

Got this alert here and inquired some more details (like version output and
if the string is actually literally containing ###). Can't reproduce it in my
32bit Debian system, but I don't have a memory guard compiled in either.

Greetings
Bernd

PS: Debian maintainer changed for net-tools, I am still upstream maintainer
(http://net-tools.berlios.de/)

----- Forwarded message from Arete Vestige <crit3rion at gmail.com> -----

Envelope-to: net-tools at lina.inka.de
Delivery-date: Wed, 10 Dec 2008 22:07:23 +0100
From: Arete Vestige <crit3rion at gmail.com>
To: waltje at uwalt.nl.mugnet.org, net-tools at lina.inka.de
Subject: arp buffer overflow

Hello Gentlemen.  I hope that all is well with you.

I installed Ubuntu 8.10 x86_64 on one of my boxes recently and
encountered an interesting error when mistakenly entering an arp
statement:

# arp -vn -s 192.168.0.128 -H ether -D 00:##:##:da:##:##

*** buffer overflow detected ***: arp terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7ff51ae3e887]
/lib/libc.so.6[0x7ff51ae3c750]
arp[0x402853]
arp[0x402fac]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7ff51ad5d466]
arp[0x401a09]
Aborted

Thanks guys,
crit3rion

----- End forwarded message -----

-- 
  (OO)     -- Bernd_Eckenfels at Mörscher_Strasse_8.76185Karlsruhe.de --
 ( .. )    ecki@{inka.de,linux.de,debian.org}  http://www.eckes.org/
  o--o   1024D/E383CD7E  eckes at IRCNet  v:+497211603874  f:+49721151516129
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!




More information about the Ubuntu-devel-discuss mailing list