Vulnerability Development mailing list archives
[Vuln-dev Challenge] Challenge #2
From: Dave McKinney <dm () securityfocus com>
Date: Fri, 23 May 2003 16:13:44 -0600 (MDT)
We are announcing the second challenge. Initially, we wanted to have this out a few days ago but were involved in testing it on multiple platforms. This challenge is a little easier than the first one, since we'd like to see more people attempting to produce a proof-of-concept. If you find it too easy, you're welcome to attempt it in an environment with a non-executable stack/heap to raise the bar a little. Here's a link to the basic guidelines (for those who missed it): http://www.securityfocus.com/archive/82/321615/2003-05-13/2003-05-19/0 (also, please retain the [Vuln-dev Challenge] string in the subject line for replies to make for easier filtering for those not interested in challenge related discussion.) --- /* vulndev2.c */ #include <stdio.h> #include <stdlib.h> #define BFSIZE 90 int main(int argc, char *argv[]) { char *bfp; char buf[BFSIZE]; FILE *f1; if (argc != 3) return 1; if ( (bfp = malloc(BFSIZE)) == NULL) return 1; /* log input */ if ( (f1 = fopen("db.log", "a+")) == NULL) return 1; fprintf(f1, ";;%s;;", argv[2]); fclose(f1); strcpy(buf, argv[1]); /* read log */ if ( (f1 = fopen("db.log", "r")) == NULL) return 1; if (fgets(bfp, BFSIZE, f1) == NULL) return 1; printf("%s\n", bfp); fclose(f1); exit(1); } --- Dave McKinney Symantec keyID: BF919DD7 key fingerprint = 494D 6B7D 4611 7A7A 5DBB 3B29 4D89 3A70 BF91 9DD7
Current thread:
- [Vuln-dev Challenge] Challenge #2 Dave McKinney (May 23)
- Re: [Vuln-dev Challenge] Challenge #2 Thomas Cannon (May 24)
- Re: [Vuln-dev Challenge] Challenge #2 (SPOILER) Joel Eriksson (May 24)
- Re: [Vuln-dev Challenge] Challenge #2 (SPOILER) Joel Eriksson (May 24)
- Re: [Vuln-dev Challenge] Challenge #2 Jason_Royes (May 24)
- [Vuln-dev Challenge] nonexec stack&heap solution (encrypted) Jose Ronnick (May 24)
- Re: [Vuln-dev Challenge] Challenge #2 anon (May 24)
- Re: [Vuln-dev Challenge] Challenge #2 spacewalker (May 24)
- Re: [Vuln-dev Challenge] Challenge #2 Jose Ronnick (May 24)
- Re: [Vuln-dev Challenge] Challenge #2 Janus N. (May 24)
- Re: [Vuln-dev Challenge] Challenge #2 Diode Trnasistor (May 26)
(Thread continues...)