Full Disclosure mailing list archives
(no subject)
From: "steven.mcdonald" <steven.mcdonald () insightbb com>
Date: Tue, 18 May 2004 08:36:24 -0400
Oliver, Quickly testing the below string at the command line does crash perl.exe. I have ActivePerl 5.8.0 Build 805 install on a Windows 2000 machine. perl -e "$a="A" x 256; system($a)" -----Original Message----- From: Oliver () greyhat de [mailto:Oliver () greyhat de] Sent: Monday, May 17, 2004 4:24 PM To: full-disclosure () lists netsys com Cc: bugtraq () securityfocus com Subject: Buffer Overflow in ActivePerl ? hi folks, i played around with ActiveState's ActivePerl for Win32, and crashed Perl.exe with the following command: perl -e "$a="A" x 256; system($a)" I wonder if this bug isnt known?!? Because system() is a very common command.... Can anybody reproduce this? I put together a little advisory on my website, including version information and a debugger output (Drwatson): http://www.oliverkarow.de/research/ActivePerlSystemBOF.txt PS: Due to travel activity, i will not be able to respond to mails within the next 8 days! Regards, Oliver
Current thread:
- (no subject) Angelo Rosiello (May 05)
- <Possible follow-ups>
- (no subject) steven.mcdonald (May 18)