Full Disclosure mailing list archives
RE: Re: Buffer Overflow in ActivePerl ?
From: "Bill Royds" <full-disclosure () royds net>
Date: Tue, 18 May 2004 07:22:54 -0400
C:\Documents and Settings\Bill>Perl -v This is perl, v5.8.0 built for MSWin32-x86-multi-thread (with 1 registered patch, see perl -V for more detail) Copyright 1987-2002, Larry Wall Binary build 802 provided by ActiveState Corp. http://www.ActiveState.com Built 00:54:02 Nov 8 2002 Perl may be copied only under the terms of either the Artistic License or the GNU General Public License, which may be found in the Perl 5 source kit. Complete documentation for Perl, including FAQ lists, should be found on this system using `man perl' or `perldoc perl'. If you have access to the Internet, point your browser at http://www.perl.com/, the Perl Home Page. C:\Documents and Settings\Bill>perl -e "$a="A" x 256; system($a)" ===========crashes with instruction at ox78f... Referenced memory at 0x41414141 so it is a stqack overflow. Haven't tried to exploit it yet. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of rich.sf () lclogic com Sent: May 17, 2004 8:59 PM To: Oliver () greyhat de Cc: full-disclosure () lists netsys com; bugtraq () securityfocus com Subject: [Full-disclosure] Re: Buffer Overflow in ActivePerl ? Reproduced with 5.6.1/win95. On Mon, 17 May 2004, Oliver () greyhat de wrote:
Date: Mon, 17 May 2004 22:23:56 +0200 From: "Oliver () greyhat de" <Oliver () greyhat de> To: full-disclosure () lists netsys com Cc: bugtraq () securityfocus com Subject: Buffer Overflow in ActivePerl ? hi folks, i played around with ActiveState's ActivePerl for Win32, and crashed Perl.exe with the following command: perl -e "$a="A" x 256; system($a)" I wonder if this bug isnt known?!? Because system() is a very common command.... Can anybody reproduce this? I put together a little advisory on my website, including version information and a debugger output (Drwatson): http://www.oliverkarow.de/research/ActivePerlSystemBOF.txt PS: Due to travel activity, i will not be able to respond to mails within the next 8 days! Regards, Oliver
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Buffer Overflow in ActivePerl ? Oliver () greyhat de (May 17)
- Re: Buffer Overflow in ActivePerl ? morning_wood (May 17)
- Re: Buffer Overflow in ActivePerl ? Troels Bay (May 17)
- Re: Buffer Overflow in ActivePerl ? Stef (May 17)
- Re: Buffer Overflow in ActivePerl ? Troels Bay (May 18)
- Re: Buffer Overflow in ActivePerl ? Troels Bay (May 17)
- Re: Buffer Overflow in ActivePerl ? morning_wood (May 17)
- Re: Buffer Overflow in ActivePerl ? rich . sf (May 17)
- RE: Re: Buffer Overflow in ActivePerl ? Bill Royds (May 18)
- Re: Buffer Overflow in ActivePerl? Axel Beckert (May 18)
- Re: Re: Buffer Overflow in ActivePerl? Volker Tanger (May 18)
- Re: Re: Buffer Overflow in ActivePerl? Frederic Krueger (May 18)
- Re: Re: Buffer Overflow in ActivePerl? Volker Tanger (May 18)
- Re: Buffer Overflow in ActivePerl ? Frederic Krueger (May 18)
- ActivePerl Perl2Exe [was] Buffer Overflow in ActivePerl ? morning_wood (May 20)
- Re: ActivePerl Perl2Exe [was] Buffer Overflow in ActivePerl ? Clint Bodungen (May 20)
- ActivePerl Perl2Exe [was] Buffer Overflow in ActivePerl ? morning_wood (May 20)
- Re: Buffer Overflow in ActivePerl ? Nick FitzGerald (May 18)
- Re: Re: Buffer Overflow in ActivePerl ? npguy (May 18)
- Re: Re: Buffer Overflow in ActivePerl ? morning_wood (May 18)
- Re: Buffer Overflow in ActivePerl ? Curt Sampson (May 19)