Full Disclosure mailing list archives
Re: Python 2.5 (Modules/zlib) minigzip local buffer overflow vulnerability
From: "James Matthews" <nytrokiss () gmail com>
Date: Wed, 14 Mar 2007 22:26:29 -0400
and you would think some bugs we got rid of in open source software!

On 3/14/07, starcadi starcadi <starcadi () gmail com> wrote:
Description:
The Python source contains various modules; the zlib module contains a minigzip tool (* minigzip is a minimal implementation of the gzip utility.).

Source error:
The error was found in:
- void file_compress(file, mode)
because the use of strcpy() is inappropriate.

--
#define MAX_NAME_LEN 1024
[..]
void file_compress(file, mode)
    char *file;
    char *mode;
{
    local char outfile[MAX_NAME_LEN];
    FILE *in;
    gzFile out;

    strcpy(outfile, file);
    strcat(outfile, GZ_SUFFIX);
--

The function file_compress() was called by the main() function.

Proof of concept:
If you want to test the vulnerability, try:
$ minigzip `perl -e "print 'A'x1050"`

--
starcadi
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-- http://www.goldwatches.com/watches.asp?Brand=39 http://www.wazoozle.com
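An added example, not part of the original posts and not code from zlib or Python: one way to build the output name with a length check before any copy, so that an over-long name is rejected instead of overrunning outfile. build_outfile_name is a hypothetical helper, and GZ_SUFFIX is assumed to be ".gz" because the quoted snippet does not show its value.

```c
#include <stdio.h>
#include <string.h>

#define MAX_NAME_LEN 1024   /* value quoted in the post */
#define GZ_SUFFIX ".gz"     /* assumed: the post uses GZ_SUFFIX without showing it */

/* Hypothetical helper: write "<file><GZ_SUFFIX>" into out (capacity cap bytes).
 * Returns 0 on success, -1 if the result plus its NUL would not fit. */
int build_outfile_name(char *out, size_t cap, const char *file)
{
    size_t flen, slen = strlen(GZ_SUFFIX);

    if (out == NULL || file == NULL || cap == 0)
        return -1;
    flen = strlen(file);
    /* Need flen + slen + 1 <= cap; phrased so the arithmetic cannot wrap. */
    if (flen >= cap || slen >= cap - flen) {
        out[0] = '\0';               /* leave a valid empty string on failure */
        return -1;
    }
    memcpy(out, file, flen);
    memcpy(out + flen, GZ_SUFFIX, slen + 1);   /* +1 copies the terminating NUL */
    return 0;
}

int main(void)
{
    char outfile[MAX_NAME_LEN];
    char longname[1051];

    /* Constructed input: 1050 bytes, the same length as the post's test argument. */
    memset(longname, 'A', 1050);
    longname[1050] = '\0';

    printf("short name: %d\n",
           build_outfile_name(outfile, sizeof outfile, "data.txt"));
    printf("1050-byte name: %d\n",
           build_outfile_name(outfile, sizeof outfile, longname));
    return 0;
}
```

The caller decides what to do on -1 (report the name as too long and skip the file); the point is that the check happens before the first byte is copied.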