Vulnerability Development mailing list archives
gawk bufferoverflow
From: eSDee <eSDee () netric org>
Date: 17 Apr 2002 17:39:59 -0000
Netric Security Team - http://www.netric.org by sacrine GNU Awk 3.1.0 Type: Stackoverflow Priority: 3 [01] Description [02] Proof of concept [03] Vendor response [01] Description GNU Awk(gawk) is a pattern scanning and processing language and implementation of the AWK programming language available at http://www.gnu.org The stackoverflow is discovered and tested against Gawk 3.1.0 on redhat 7.2 and slackware 8.0 the bug still exist after upgrading to the latest gawk package the problem: an unchecked buffer in the -f option [02] Proof of concept A proof of concept exploit can be found at: http://www.netric.org/advisories/gawk_expl.c written by eSDee [03] Vendor response The vendor is informed, but has not responded yet.
Current thread:
- gawk bufferoverflow eSDee (Apr 17)