
Network Security Vuln-Dev

gdb bug

Subject: gdb bug
Date: Thu, 24 Jan 2008 21:49:16 +0000 (GMT)
--- Begin Message ---
Subject: gdb bug
Date: Mon, 21 Jan 2008 00:55:53 +0000 (GMT)
Self-corrupted gdb (which gdb itself is warning about), corrupting the stack
that by chance has a jump instruction causing a loop. An attacker can exploit
this vulnerability to inject malicious commands to be run under the permissions
of the current gdb session. Affects gdb 6.*-7.* I tested.

asterisk exploit

gdb asterisk
ctrl+c
r asterisk
ctrl+c
r asterisk -r      <----- reason for crash ( -r is a flag for asterisk; gdb mistakes this for run not run)
x 0xb7e7dde8
r
ret 0xb7e7dde8

Program received signal SIGINT, Interrupt.
[Switching to Thread -1211655968 (LWP 3208)]
0xb7e7dde8 in poll () from /lib/tls/libc.so.6
(gdb) ret 0xb7e7dde8
Make selected stack frame return now? (y or n) y
Breakpoint 1, 0x080a5e17 in main ()
(gdb) ret 0xb7e7dde8
#0  0xb7db9ea4 in __libc_start_main () from /lib/tls/libc.so.6
(gdb) backtrace
#0  0xb7db9ea4 in __libc_start_main () from /lib/tls/libc.so.6
#1  0x080554f1 in _start ()
Program received signal SIGINT, Interrupt.
[Switching to Thread -1211655968 (LWP 3208)]
0xb7e7dde8 in poll () from /lib/tls/libc.so.6
internal-error: frame_register: Assertion `frame != NULL && frame->next != N
A problem internal to GDB has been detected,
further debugging may prove unreliable.
Create a core file of GDB? (y or n) Please answer y or n.
/build/buildd/gdb-6.4/gdb/frame.c:616: internal-error: frame_register: Assertion `frame != NULL && frame->next != NULL' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
Create a core file of GDB? (y or n)
    poll failed: No such file or directory
x86*CLI> Aborted
0xb7e101c2
0xb7e1021e <glob64+22478>:      0xff
(gdb) x86*CLI> x86*CLI> x86*CLI> x8
0x7e1012b6   <-----
0x7e10126e
0x080a5554
0xb7e10012 <posix_fallocate+258>:        "\002"
0xb7e10012 <posix_fallocate+258>:        "\002"
(gdb)
x86*CLI> x86*CLI> x86*CLI> ... (prompt repeated)
ret 0xb7e101de
x/s 0xb7e0fde8
0xb7e10887 <sendfile64+1319>:   [high-ASCII string]
(gdb) x86*CLI> x86*CLI> x86*CLI> ... (prompt repeated)
0xb7edb350 <system>
0xb7e10348 <sendfile+40>:        "\201Á\224§\006"
ebx            0xbfa6c69c       -1079589220
esp            0xbfa6c45c       0xbfa6c45c
ebp            0xbfa6c468       0xbfa6c468
esi            0xbfa6c71a       -1079589094
edi            0xb7e7aadc       -1209554212
eip            0xb7e0fde8       0xb7e0fde8 <poll+56>
[xmm0-xmm7, mxcsr, mm0-mm7 register dump]
0xb7e4e90b 0x080a806c 0x80a8791 0x80a933e 0x80aa391
0x80afc9c <aes_encrypt+1356>:    ""
(gdb) x/a8 0x0a106
A syntax error in expression, near `0x0a106'.
(gdb) call 0x0a106
$2 = 41222
(gdb) ret 0x0a106
Make selected stack frame return now? (y or n)   #0  0x080a5554 in ast_safe_system ()
(gdb) ret 0x0a106
Make selected stack frame return now? (y or n) y
x86*CLI> x86*CLI> x86*CLI> x86*CLI> x86*CLI>
/build/buildd/gdb-6.4/gdb/frame.c:616: internal-error: frame_register: Assertion `frame != NULL && frame->next != NULL' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
Quit this debugging session? (y or n) Please answer y or n.
/build/buildd/gdb-6.4/gdb/frame.c:616: internal-error: frame_register: Assertion `frame != NULL && frame->next != NULL' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
0xb7f8e350 0xb7f8e505:      "\207߸®"
/build/buildd/gdb-6.4/gdb/frame.c:616: internal-error: frame_register: Assertion `frame != NULL && frame->next != NULL' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
/build/buildd/gdb-6.4/gdb/frame.c:616: internal-error: frame_register: Assertion `frame != NULL && frame->next != NULL' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
Create a core file of GDB? (y or n) y
/build/buildd/gdb-6.4/gdb/frame.c:616: internal-error: frame_register: Assertion `frame != NULL && frame->next != NULL' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
Quit this debugging session? (y or n) Please answer y or n.
/build/buildd/gdb-6.4/gdb/frame.c:616: internal-error: frame_register: Assertion `frame != NULL && frame->next != NULL' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
Quit this debugging session? (y or n) n
#0  0xb7e8dde8 in poll () from /lib/tls/libc.so.6
#1  0x080a5554 in ast_safe_system ()
x/0xcd b7e8de85
#0  0xb7e8dde8 in ?? () from /lib/tls/libc.so.6
#1  0x080a5554 in ?? ()
(gdb) ret 0x80a5554
Make selected stack frame return now? (y or n) y
      0xb7e8de85 <posix_fadvise+37>:  0xcd
(gdb)
x86*CLI> x86*CLI> x86*CLI> ... (prompt repeated)
(gdb) backtrace
#0  0x080a5554 in ast_safe_system ()
(gdb)         0x80a55ac <ast_safe_system+2126>:       0x0b
(gdb) 0x80a55e6 <ast_safe_system+2184>:       0x20
(gdb) x86*CLI> x86*CLI> x86*CLI> ... (prompt repeated)
0x80a55b9 4
[partial disassembly of ast_safe_system, 0x080a4d81 <ast_safe_system+35> through 0x080a5a0d <ast_safe_system+3247>]
<ast_safe_system+2185>:       0xff
(gdb) x86*CLI> x86*CLI> x86*CLI> ... (prompt repeated for about three pages)
(0100 times 3 pages) when I type ret and half way through the address it prints x86*CLI> for 3 pages. (even after I let it idle for a while)
0x80a560a <ast_safe_system+2220>:       0x00
(gdb) x86*CLI> x86*CLI> x86*CLI> ... (prompt repeated)
very large, keeps going 100x
0x80a56a0 <ast_safe_system+2370>:       0x04
0x80a5736 <ast_safe_system+2520>:       0x08
(gdb) x86*CLI> x86*CLI> x86*CLI>
0x80a5737 <ast_safe_system+2521>:    0xe8
(gdb)

x86@3[newsploit]$ gdb gdb
GNU gdb 6.4-debian
Copyright 2005 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...(no debugging symbols found)
Using host libthread_db library "/lib/tls/libthread_db.so.1".
(gdb) x 0x80a561b
0x80a561b <validate_actionline+606>:    0xfd1400e8
(gdb) 0x80a561f <validate_actionline+610>:    0xec4589ff
(gdb) 0x80a5623 <validate_actionline+614>:    0xffff60e9
(gdb) 0x80a5627 <validate_actionline+618>:    0x2444c7ff
(gdb) 0x80a562b <validate_actionline+622>:    0x0a250704
(gdb) 0x80a562f <validate_actionline+626>:    0x24348908
(gdb) 0x80a5633 <validate_actionline+630>:    0x006825e8
(gdb) 0x80a5637 <validate_actionline+634>:    0x0fc08500
(gdb) 0x80a563b <validate_actionline+638>:    0x00008f84
(gdb) 0x80a563f <validate_actionline+642>:    0xec4d8b00
Program received signal SIGINT, Interrupt.
0xb7e55de8 in poll () from /lib/tls/libc.so.6
(gdb) x 0xb7e55de8
0xb7e55de8 <poll+56>:   0x003dfb87
(gdb) 0xb7e55dec <poll+60>:   0x89fffff0
(gdb) 0xb7e55df0 <poll+64>:   0x893b77c7
(gdb) backtrace
#0  0xb7e55de8 in poll () from /lib/tls/libc.so.6
#1  0x08112244 in gdb_do_one_event ()
#2  0x0810f303 in catch_errors ()
#3  0x080bbd21 in _initialize_tui_hooks ()
#4  0x0810f59b in current_interp_command_loop ()
#5  0x080779cb in main ()
(gdb) ret 0x9010f5cb
#0  0x08112244 in gdb_do_one_event ()
x/s $eip
0x8113d33 <inferior_event_handler_wrapper+49>:   "ÉÃ", '\220' <repeats 11 times>, [high-ASCII string]
(gdb) 0x81183b3 <gdbarch_pseudo_register_write+216>:  [high-ASCII string]
(gdb) 0x811b40d <set_gdbarch_unwind_sp+15>:    [high-ASCII string]
(gdb) 0x811b426 <gdbarch_deprecated_saved_pc_after_call+23>:   ""
(gdb) 0x811b427 <gdbarch_deprecated_saved_pc_after_call+24>:  [high-ASCII string]
(gdb) 0x811b44e <gdbarch_deprecated_saved_pc_after_call+63>:   ""
(gdb) 0x811b44f <gdbarch_deprecated_saved_pc_after_call+64>:   [high-ASCII string]
(gdb) 0x811b460 <gdbarch_deprecated_saved_pc_after_call+81>:   ""
(gdb) 0x811b461 <gdbarch_deprecated_saved_pc_after_call+82>:   ""
(gdb) 0x811b462 <gdbarch_deprecated_saved_pc_after_call+83>:   [high-ASCII string]
(gdb) (it's jumping around) possible jmp trick exploit found
0x811b5d5 <set_gdbarch_frame_num_args+15>:       [high-ASCII string]
(gdb) 0x811b5ee <gdbarch_deprecated_stack_align+23>:   ""
(gdb) 0x811b5ef <gdbarch_deprecated_stack_align+24>:  [high-ASCII string]
(gdb) 0x811b616 <gdbarch_deprecated_stack_align+63>:   ""
(gdb) 0x811cfb5 <deprecated_register_gdbarch_swap+52>:        [high-ASCII string]
(gdb) (being run as regular user)
Unable to connect to remote asterisk (does /var/run/asterisk/asterisk.ctl exist?)
Program exited with code 01.
(gdb) run asterisk -r |
Starting program: /usr/sbin/asterisk asterisk -r |
/bin/bash: -c: line 1: syntax error: unexpected end of file
Program exited with code 02.
You can't do that without a process to debug.
(gdb) run asterisk -r |
x86*CLI> x86*CLI> x86*CLI> Quit
(gdb) run asterisk -vvvvvc
Starting program: /usr/sbin/asterisk asterisk -vvvvvc
(no debugging symbols found)
Error in re-setting breakpoint 1:
Function "main" not defined.
(the two lines above repeat twice more)
[Thread debugging using libthread_db enabled]
[New Thread -1212167968 (LWP 32289)]
(no debugging symbols found)
Error in re-setting breakpoint 1:
Function "main" not defined.
(the two lines above repeat seven more times)
Unable to open pid file '/var/run/asterisk/asterisk.pid': Permission denied
[New Thread -1212171344 (LWP 32293)]
[Thread -1212171344 (LWP 32293) exited]
Unable to bind socket to /var/run/asterisk/asterisk.ctl: Address already in use
  == Parsing '/etc/asterisk/asterisk.conf': Not found (Permission denied)
  == Parsing '/etc/asterisk/extconfig.conf': Not found (Permission denied)
Asterisk 1.2.7.1, Copyright (C) 1999 - 2006 Digium, Inc. and others.
Created by Mark Spencer <markster@digium.com>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'show warranty' for details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it under
certain conditions. Type 'show license' for details.
=========================================================================
  == Parsing '/etc/asterisk/logger.conf': Not found (Permission denied)
Unable to open logger.conf: Permission denied
Jan 18 07:36:58 ERROR[32289]: logger.c:625 init_logger: Unable to create event log: Permission denied
  #0  0xb7da1ea4 in __libc_start_main () from /lib/tls/libc.so.6
(gdb) Make selected stack frame return now? (y or n) y
#0  0x080554f1 in ?? ()
(gdb) Make selected stack frame return now? (y or n) y
/build/buildd/gdb-6.4/gdb/frame.c:616: internal-error: frame_register: Assertion `frame != NULL && frame->next != NULL' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
Quit this debugging session? (y or n)
[tail of a high-ASCII string]
(gdb) 0xb7f7b70c <pthread_getaffinity_np@@GLIBC_2.3.4+28>:     ""
(gdb) 0xb7f7b70d <pthread_getaffinity_np@@GLIBC_2.3.4+29>:     [high-ASCII string]
(gdb) 0xb7f7b721 <pthread_getaffinity_np@@GLIBC_2.3.4+49>:     ""
(gdb) 0xb7f7b722 <pthread_getaffinity_np@@GLIBC_2.3.4+50>:     ""
(gdb) 0xb7f7b723 <pthread_getaffinity_np@@GLIBC_2.3.4+51>:     "Í\200\207û="
(gdb) 0xb7f7b729 <pthread_getaffinity_np@@GLIBC_2.3.4+57>:     [high-ASCII string]
(gdb) 0xb7f7b740 <pthread_getaffinity_np@@GLIBC_2.3.4+80>:    [high-ASCII string]
(gdb) 0xb7f7b770 <pthread_getaffinity_np@GLIBC_2.3.3>:         "U¹\200"
(gdb) 0xb7f7b774 <pthread_getaffinity_np@GLIBC_2.3.3+4>:       ""
(gdb)                                         0x000008ec in ?? ()
(gdb) Make selected stack frame return now? (y or n) y
#0  0x080ec8c4 in ?? ()
(gdb) Make selected stack frame return now? (y or n) y
#0  0x080ec594 in ?? ()
(gdb) Make selected stack frame return now? (y or n) y
#0  0x08110800 in ?? ()
(gdb) Make selected stack frame return now? (y or n) y
#0  0xb7f43bf6 in _dl_rtld_di_serinfo () from /lib/ld-linux.so.2
(gdb)                                              ret 0xb7da1ea4
LI> x86*CLI> x86*CLI> x86*CLI> x86*CLI> #0  0x080554f1 in ?? ()
(gdb) Make selected stack frame return now? (y or n) y
/build/buildd/gdb-6.4/gdb/frame.c:616: internal-error: frame_register: Assertion `frame != NULL && frame->next != NULL' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
Quit this debugging session? (y or n)
(gdb) Make selected stack frame return now? (y or n) y
#0  0x00000001 in ?? ()
(gdb) Make selected stack frame return now? (y or n) y
#0  0x00000000 in ?? ()
(gdb) Make selected stack frame return now? (y or n) y
#0  0x080ec8a6 in ?? ()
(gdb) Make selected stack frame return now? (y or n) y
#0  0x080ec640 in ?? ()
(gdb) Make selected stack frame return now? (y or n) y
#0  0x08110800 in ?? ()
(gdb) Make selected stack frame return now? (y or n) y
#0  0xb7ece52e in in6addr_any () from /lib/tls/libc.so.6
(gdb) backtrace
#0  0xb7ece52e in in6addr_any () from /lib/tls/libc.so.6
#1  0xb7fb7eec in ?? ()
    () from /lib/tls/libpthread.so.0
(gdb) backtrace
#0  0xb7f3d312 in sysctl_args.0 () from /lib/tls/libpthread.so.0
#1  0xb7f61b30 in _dl_rtld_di_serinfo () from /lib/ld-linux.so.2
#2  0xb7f35717 in __pthread_initialize_minimal_internal () from /lib/tls/libpthread.so.0
#3  0xb7d62ea4 in __libc_start_main () from /lib/tls/libc.so.6
#4  0x080554f1 in ?? ()
    () from /lib/tls/libpthread.so.0
(gdb) backtrace
#0  0xb7f4a310 in sysctl_args.0 () from /lib/tls/libpthread.so.0
#1  0xb7f4a312 in sysctl_args.0 () from /lib/tls/libpthread.so.0
#2  0xb7f6eb30 in _dl_rtld_di_serinfo () from /lib/ld-linux.so.2
#3  0xb7f42717 in __pthread_initialize_minimal_internal () from /lib/tls/libpthread.so.0
#4  0xb7d6fea4 in __libc_start_main () from /lib/tls/libc.so.6
#5  0x080554f1 in ?? ()
#0  0xb7dd0ea4 in __libc_start_main () from /lib/tls/libc.so.6
(gdb) Make selected stack frame return now? (y or n) y
#0  0x080554f1 in ?? ()
(gdb) Make selected stack frame return now? (y or n) y
/build/buildd/gdb-6.4/gdb/frame.c:616: internal-error: frame_register: Assertion `frame != NULL && frame->next != NULL' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
Object file /usr/sbin/asterisk:  Objfile at 0x82efce8, bfd at 0x82de9c0, 1178 minsyms
Object file system-supplied DSO at 0xffffe000:  Objfile at 0x83334c8, bfd at 0x8303d50, 4 minsyms
Object file /lib/tls/libdl.so.2:  Objfile at 0x83999b8, bfd at 0x836be08, 31 minsyms
Object file /lib/tls/libpthread.so.0:  Objfile at 0x83aa900, bfd at 0x831eb80, 696 minsyms
Object file /lib/libncurses.so.5:  Objfile at 0x83dd1b0, bfd at 0x8359e08, 760 minsyms
Object file /lib/tls/libm.so.6:  Objfile at 0x8400e80, bfd at 0x8319958, 331 minsyms
---Type <return> to continue, or q <return> to quit---
Object file /lib/tls/libresolv.so.2:  Objfile at 0x84197f0, bfd at 0x831e8b0, 135 minsyms
Object file /usr/lib/i686/cmov/libssl.so.0.9.8:  Objfile at 0x842b9f0, bfd at 0x8359128, 665 minsyms
Object file /lib/tls/libc.so.6:  Objfile at 0x84590f0, bfd at 0x83b4338, 2120 minsyms
Object file /lib/ld-linux.so.2:  Objfile at 0x84c11e0, bfd at 0x83228f0, 32 minsyms
Object file /usr/lib/i686/cmov/libcrypto.so.0.9.8:  Objfile at 0x84c91e8, bfd at 0x8461160, 3344 minsy
Program exited with code 01.
(gdb) x
0xb7da1ea5 <CAST_S_table0+60645>:        "PublicKey"
(gdb) 0xb7da1eaf <CAST_S_table0+60655>:        "i2d_RSA_NET"
(gdb) 0xb7da1ebb <CAST_S_table0+60667>:        "i2d_RSA_PUBKEY"
(gdb) 0xb7da1eca <CAST_S_table0+60682>:        "LONG_C2I"
(gdb) 0xb7da1ed3 <CAST_S_table0+60691>:        "OID_MODULE_INIT"
(gdb) 0xb7da1ee3 <CAST_S_table0+60707>:        "PARSE_TAGGING"
(gdb) 0xb7da1ef1 <CAST_S_table0+60721>:        "PKCS5_pb
0xb7da20c0 <CAST_S_table0+61184>:        "PBEPARAM"
(gdb) 0xb7da20c9 <CAST_S_table0+61193>:        "salt"
(gdb) 0xb7da20ce <CAST_S_table0+61198>:        "iter"
(gdb) 0xb7da20d3 <CAST_S_table0+61203>:        "p5_pbe.c"
(gdb) 0xb7da20dc <CAST_S_table0+61212>:        "PBKDF2PARAM"
(gdb) 0xb7da20e8 <CAST_S_table0+61224>:        "PBE2PARAM"
(gdb) 0xb7da20f2 <CAST_S_table0+61234>:        "keyfunc"
(gdb) 0xb7da20fa <CAST_S_table0+61242>:        "p5_pbev2.c"
(gdb) 0xb7da2105 <CAST_S_table0+61253>:        "PKCS8_PRIV_KEY_INFO"
(gdb) 0xb7da2119 <CAST_S_table0+61273>:        "pkeyalg"
(gdb) 0xb7da2121 <CAST_S_table0+61281>:        "oid_section"
0xb7da21b8 <CAST_S_table0+61432>:        "strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf"
                               (string exploit here)
(gdb) disas 0xb7da31e4
Dump of assembler code for function CAST_S_table0:
Unable to open pid file '/var/run/asterisk/asterisk.pid': Permission denied
[New Thread -1211937872 (LWP 15438)]
Program received signal SIGINT, Interrupt.
[Switching to Thread -1211934496 (LWP 15437)]
0xb7e0654c in nanosleep () from /lib/tls/libc.so.6
(gdb) backtrace
#0  0xb7e0654c in nanosleep () from /lib/tls/libc.so.6
#1  0xb7e3ce2a in usleep () from /lib/tls/libc.so.6
#2  0x080b34a8 in test_for_thread_safety ()
#3  0x00000064 in ?? ()
#4  0x00000000 in ?? ()
null byte - 0xb7da33cc <STORE_param_sizes+348>:      "\n"
0xb7e7e770 <catanh+176>:         [high-ASCII string]...
(gdb) (parts lit up in black and blinking) (looks like hi-ascii)

--- End Message ---
  • gdb bug, digit2004 <=