Vulnerability Development mailing list archives

Re: vi buffer overflow


From: Robert Jaroszuk <shf () nsm pl>
Date: Fri, 9 Nov 2001 12:44:02 +0100

On Fri, 09 Nov 2001, Kaneda Akira wrote:

; Did some testing of my own.
; 
; on Redhat 7.0 (VIM 5.7.8)
; # vi `perl -e 'print "A" x 9000'`
; Vim: Caught deadly signal SEGV
; Vim: Finished.
; Segmentation fault (core dumped)
; # uname -a
; Linux riven 2.2.16-22 #1 Tue Aug 22 16:49:06 EDT 2000 i686 unknown
; #
; 
; however du on redhat 7 was okay (du version 4.0x)
; 
; Also tested my slackware 7 system, vi and du didn't
; crash (vi/elvis 2.1_4, du 4.0)
; [Slackware system: Linux myst 2.2.16 #121 Fri Jun 16 20:43:40 PDT 2000
; i486 unknown]

$ vi `perl -e 'print "A" x 9000'`
Vim: Caught deadly signal SEGV
Vim: Finished.
Segmentation fault
$ dpkg -s vim | grep Version
Version: 5.8.007-4
$

du is okay:
$ du `perl -e 'print "A" x 9000'`
AAAAAAAAAAA........
.
.
.
.
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA': File name too long
$

nvi is not vulnerable either; it didn't crash.

[12:40](shf@equinox tmp)$ dpkg -s nvi | grep -i version
Version: 1.79-17
[12:40](shf@equinox tmp)$

Tested on Debian sid with kernel 2.2.20.

   shf

--
............... Robert Jaroszuk - <shf () nsm pl> ...............
GCS/O d? s: a--- C+++ UL++++$ P+ L+++>++++ E- W- N+ !K w--- O- 
M- V- PS+ PE Y(+) PGP-(+) t-- X- R tv-- b++>++++ DI+ D h(!) !r 
... The most excellent warrior wins without fighting. (Sun Tzu). ...
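Added here as an illustration, not code from vim, nvi or du: the unbounded-copy pattern that typically produces the SIGSEGV reported above, beside a bounded version that answers a 9000-byte name with ENAMETOOLONG the way du does. The buffer size NAME_BUF and the function names are assumptions.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif
#define NAME_BUF 256  /* illustrative fixed buffer; the editors' real sizes are unknown */

/* Unsafe pattern (hypothetical, not vim's code): unbounded copy into a fixed
 * buffer; a 9000-byte name overruns it (the SIGSEGV above). Never called. */
void unsafe_set_filename(char *dst, const char *name) { strcpy(dst, name); }

/* Hardened form: refuse names that cannot fit, reporting ENAMETOOLONG the
 * way du does ("File name too long") instead of corrupting memory. */
int safe_set_filename(char *dst, size_t dstsz, const char *name) {
    size_t n = strlen(name);
    if (n >= dstsz || n >= PATH_MAX) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(dst, name, n + 1);  /* bound checked above; copies the NUL too */
    return 0;
}

/* Probe: is a constructed name of `len` 'A's (perl's "A" x len) accepted? 1 = fits. */
int name_accepted(size_t len) {
    char buf[NAME_BUF];
    char *name = malloc(len + 1);
    if (!name) return 0;
    memset(name, 'A', len);
    name[len] = '\0';
    int rc = safe_set_filename(buf, sizeof buf, name);
    free(name);
    return rc == 0;
}

int main(int argc, char **argv) {
    char buf[NAME_BUF];
    const char *name = argc > 1 ? argv[1] : "notes.txt";
    if (safe_set_filename(buf, sizeof buf, name) != 0) {
        fprintf(stderr, "%.16s...: %s\n", name, strerror(errno));
        return 1;
    }
    printf("would open %s\n", buf);
    return 0;
}
```

Run it as `./a.out $(perl -e 'print "A" x 9000')` to see the name rejected with "File name too long" instead of a crash.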

