Vulnerability Development mailing list archives

gawk bufferoverflow


From: eSDee <eSDee () netric org>
Date: 17 Apr 2002 17:39:59 -0000



Netric Security Team - http://www.netric.org
by sacrine

GNU Awk 3.1.0 
Type: Stack overflow
Priority: 3

[01] Description
[02] Proof of concept
[03] Vendor response

[01] Description
     GNU Awk (gawk) is a pattern scanning and processing language
     and an implementation of the AWK programming language,
     available at http://www.gnu.org

     The stack overflow was discovered and tested against Gawk 3.1.0
     on Red Hat 7.2 and Slackware 8.0.
     The bug still exists after upgrading to the latest gawk package.

     The problem: an unchecked buffer in the -f option

[02] Proof of concept
     A proof of concept exploit can be found at:
     http://www.netric.org/advisories/gawk_expl.c
     written by eSDee

[03] Vendor response
     The vendor is informed, but has not responded yet.
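
Added example, not part of the original post and not taken from the gawk source: the class of bug described in [01], an option argument copied into a fixed-size stack buffer without a length check, shown beside a bounded form that rejects over-long names. The function names and the 256-byte buffer size are hypothetical; the advisory does not give the real ones.

```c
#include <stdio.h>
#include <string.h>

#define SRC_NAME_MAX 256  /* assumed size; the advisory gives none */

/* Unchecked pattern: the -f argument has caller-controlled length, so
 * strcpy() writes past buf when it exceeds SRC_NAME_MAX - 1 bytes. */
int set_source_unchecked(char *buf, const char *arg)
{
    strcpy(buf, arg);           /* no length check */
    return 0;
}

/* Checked form: reject over-long names instead of truncating silently,
 * so a different file is never opened. Returns 0 on success, -1 on reject. */
int set_source_checked(char *buf, size_t buflen, const char *arg)
{
    size_t n;

    if (buf == NULL || arg == NULL || buflen == 0)
        return -1;
    n = strlen(arg);
    if (n >= buflen)            /* need room for the terminating NUL */
        return -1;
    memcpy(buf, arg, n + 1);
    return 0;
}

/* Minimal option handling: accept "-f file" and bound-check the name.
 * Returns 0 if a name was stored, 1 if no -f was given, -1 on error. */
int parse_f_option(int argc, char **argv, char *out, size_t outlen)
{
    int i;
    for (i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-f") == 0) {
            if (i + 1 >= argc)
                return -1;      /* -f with no argument */
            return set_source_checked(out, outlen, argv[i + 1]);
        }
    }
    return 1;
}

int main(int argc, char **argv)
{
    char name[SRC_NAME_MAX];
    int rc = parse_f_option(argc, argv, name, sizeof name);
    if (rc == 0) printf("program file: %s\n", name);
    else if (rc < 0) fprintf(stderr, "bad -f argument\n");
    return rc < 0;
}
```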
    


