Vulnerability Development mailing list archives
some things to play with
From: typo () SCENE AT (Firstname Lastname)
Date: Thu, 13 Jul 2000 11:39:31 +0200
too lazy to check thse:
enemy:~# perl5.6.0 -e 'print "\$\{" . "x" x 300 . "};"' > frob.pl
enemy:~# perl5.00503 frob.pl
Segmentation fault (core dumped)
enemy:~# perl5.6.0 frob.pl
Identifier too long at frob.pl line 1.
enemy:~# cat 2b.c
#include <unistd.h>
int main(int argc, char **argv) {
if (argc < 2)
exit(-1);
execvp(argv[1], &argv[2]);
}
null pointer crashes in str(r)chr(), basename, ...
weird behaviour in some other privileged programs (argc = 0)...
enemy:~# ./2b /usr/bin/gpasswd
Segmentation fault (core dumped)
enemy:~# ./2b /usr/bin/at
Segmentation fault (core dumped)
enemy:~# ./2b /usr/bin/chage
Segmentation fault (core dumped)
...(lots more)
never said any of these are exploitable..
--
so much entropy, so little time
Current thread:
- Re: BitchX /ignore bug, (continued)
- Re: BitchX /ignore bug Erich Meier (Jul 11)
- Re: BitchX /ignore bug Ron DuFresne (Jul 07)
- Re: BitchX /ignore bug Juan M. Courcoul (Jul 07)
- remote exploit Jim Stickley (Jul 07)
- Re: remote exploit Bluefish (Jul 08)
- Re: remote exploit Gerardo Richarte (Jul 10)
- Re: BitchX /ignore bug Matthew S. Hallacy (Jul 06)
- Updated Default Account Database Eric Knight (Jul 06)
- Re: Updated Default Account Database Jesus D. Muz@oz Largo (Jul 12)
- Re: Updated Default Account Database Nathan Einwechter (Jul 12)
- some things to play with Firstname Lastname (Jul 13)
- Re: some things to play with Vladimir Dubrovin (Jul 14)
- Re: some things to play with Firstname Lastname (Jul 14)
- Re: some things to play with Vladimir Dubrovin (Jul 17)
- Red Hat Linux 6.2 - VIM 5.6 Paulo Ribeiro (Jul 12)
- Re: BitchX /ignore bug Jeremy Gaddis (Jul 06)
- (NT) When exploit CGI's that allow viewing of files... Marc (Jul 06)
- Re: (NT) When exploit CGI's that allow viewing of files... Blue Boar (Jul 06)