Bugtraq mailing list archives

Re: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv

From: Boris Veytsman <borisv () lk net>
Date: Thu, 26 Sep 2002 13:44:56 -0400

From: David Endler <dendler () idefense com>
Date: Thu, 26 Sep 2002 08:58:48 -0600 (MDT)


A proof of concept exploit for Red Hat Linux designed by zen-parse is
attached to this message.  It packages the overflow and shellcode in
the "%%PageOrder:" section of the PDF.

[root@victim]# ls -al /tmp/itworked 
/bin/ls: /tmp/itworked: No such file or directory 
[root@victim]# gv gv-exploit.pdf 
[root@victim]# ls -al /tmp/itworked 
- -rw-r--r-- 1 root root 0 Aug 22 16:50 /tmp/itworked
[root@victim]#


Does not work for me:

boris@reston-0491:~/convert$ gv -v
gv 3.5.8 (debian)
boris@reston-0491:~/convert$ gv gv-exploit.pdf 
Segmentation fault
boris@reston-0491:~/convert$ ls -al /tmp/itworked
ls: /tmp/itworked: No such file or directory

-- 
Good luck

-Boris

By long-standing tradition, I take this opportunity to savage other
designers in the thin disguise of good, clean fun.
                -- P.J. Plauger, "Computer Language", 1988, April
                   Fool's column.

Current thread:

iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv David Endler (Sep 26)
- Re: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv Boris Veytsman (Sep 26)
- <Possible follow-ups>
- RE: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv David Endler (Sep 26)