Vulnerability Development mailing list archives

Re: /usr/bin/ddate buffer overflow

From: poke <poke () OLY SILVERLINK NET>
Date: Sun, 11 Feb 2001 14:08:23 -0800

I found a buffer overflow in /usr/bin/ddate (version unknown)
"converts Gregorian dates to Discordian dates.." I tested it on my
Linux Box (RedHat 6.2) Look at this:

#ddate +AAAA...x 408
Segmentation Fault (core dumped)


I tested it on my RH6.2 box (2.2.16) and I saw no such thing.

-Chuck


--
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:"Condense fact from the vapor of nuance"| $s=$ARGV[0];$n='';while($s) :
: 25 -> ten.knilrevlis@wkcuhc            |  {$s=~s/(.$)//;$n=$n.$1;}   :
: 80 -> ekop/ten.knilrevlis.www//:ptth   |        print "$n\n";        :
 ----------------------------------------------------------------------
 Organization is the destruction of truth...

Current thread:

Re: ftp.exe buffer overflow ?, (continued)
- - - Re: ftp.exe buffer overflow ? Michal Zalewski (Feb 15)
    - Re: ftp.exe buffer overflow ? Benjamin Branch (Feb 15)
    - Re: ftp.exe buffer overflow ? Bob Monkier (Feb 15)
    - Re: ftp.exe buffer overflow ? Ryan Permeh (Feb 16)
    - Internet explorer bug or Micromedia Flash bug ? cyber_hunter (Feb 19)
    - Re: ftp.exe buffer overflow ? Antti Hakulinen (Feb 15)
    - Message not available
    - Re: ftp.exe buffer overflow ? Lincoln Yeoh (Feb 13)
    - Re: ftp.exe buffer overflow ? Lord Soth (Feb 11)
    - Message not available
    - Re: /usr/bin/ddate buffer overflow enthh () FLASH NET (Feb 11)
  - Re: /usr/bin/ddate buffer overflow Larry W. Cashdollar (Feb 10)
- Re: /usr/bin/ddate buffer overflow poke (Feb 11)
- Re: /usr/bin/ddate buffer overflow s1gnal_9 (Feb 11)
- Re: /usr/bin/ddate buffer overflow enthh () FLASH NET (Feb 13)
  - Re: /usr/bin/ddate buffer overflow Larry W. Cashdollar (Feb 14)