Vulnerability Development mailing list archives
Re: vi buffer overflow
From: Robert Jaroszuk <shf () nsm pl>
Date: Fri, 9 Nov 2001 12:44:02 +0100
On Fri, 09 Nov 2001, Kaneda Akira wrote: ; Did some testing of my own. ; ; on Redhat 7.0 (VIM 5.7.8) ; # vi `perl -e 'print "A" x 9000'` ; Vim: Caught deadly signal SEGV ; Vim: Finished. ; Segmentation fault (core dumped) ; # uname -a ; Linux riven 2.2.16-22 #1 Tue Aug 22 16:49:06 EDT 2000 i686 unknown ; # ; ; however du on redhat 7 was okay (du version 4.0x) ; ; Also tested my slackware 7 system, vi and du didnt ; crash (vi/elvis 2.1_4, du 4.0) ; [Slackware system: Linux myst 2.2.16 #121 Fri Jun 16 20:43:40 PDT 2000 ; i486 unknown] $ vi `perl -e 'print "A" x 9000'` Vim: Caught deadly signal SEGV Vim: Finished. Segmentation fault $ dpkg -s vim | grep Version Version: 5.8.007-4 $ du is okay: $ du `perl -e 'print "A" x 9000'` AAAAAAAAAAA........ . . . . AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA': File name too long $ nvi is not vulnerable too, it didn't crash. [12:40](shf@equinox tmp)$ dpkg -s nvi | grep -i version Version: 1.79-17 [12:40](shf@equinox tmp)$ Tested on Debian sid with kernel 2.2.20. shf -- ............... Robert Jaroszuk - <shf () nsm pl> ............... GCS/O d? s: a--- C+++ UL++++$ P+ L+++>++++ E- W- N+ !K w--- O- M- V- PS+ PE Y(+) PGP-(+) t-- X- R tv-- b++>++++ DI+ D h(!) !r ... Najznamienitszy wojownik wygrywa bez walki. (Sun Tzu). ...
Current thread:
- Re: xmalloc buffer overflow?, (continued)
- Re: xmalloc buffer overflow? Kev (Nov 09)
- Re: Vi buffer overflow Rob Paisley (Nov 13)
- Re: vi buffer overflow Kaneda Akira (Nov 09)
- Re: vi buffer overflow Emmanuel BENOIT (Nov 09)
- Re: vi buffer overflow Matias Sedalo (Nov 09)
- Re: vi buffer overflow Thomas Graf (Nov 09)
- Re: vi buffer overflow walter valenti (Nov 09)
- Re: vi buffer overflow Piyush Agarwal (Nov 09)
- Re[2]: vi buffer overflow Greg Wirth (Nov 09)
- Re: vi buffer overflow Wichert Akkerman (Nov 09)
- Re: vi buffer overflow Robert Jaroszuk (Nov 09)
- Re: vi buffer overflow Vasisht Tadigotla (Nov 09)
- Re: vi buffer overflow Emmanuel BENOIT (Nov 09)
- RE: Vi buffer overflow Lord, Steve (ISS London) (Nov 09)
- RE: Vi buffer overflow batz (Nov 09)
- RE: vi buffer overflow Blue Boar (Nov 09)
- RE: vi buffer overflow Piyush Agarwal (Nov 12)
- RE: vi buffer overflow Hubert Pasternak (Nov 12)
- RE: vi buffer overflow Piyush Agarwal (Nov 12)