Vulnerability Development mailing list archives
some things to play with
From: typo () SCENE AT (Firstname Lastname)
Date: Thu, 13 Jul 2000 11:39:31 +0200
too lazy to check thse: enemy:~# perl5.6.0 -e 'print "\$\{" . "x" x 300 . "};"' > frob.pl enemy:~# perl5.00503 frob.pl Segmentation fault (core dumped) enemy:~# perl5.6.0 frob.pl Identifier too long at frob.pl line 1. enemy:~# cat 2b.c #include <unistd.h> int main(int argc, char **argv) { if (argc < 2) exit(-1); execvp(argv[1], &argv[2]); } null pointer crashes in str(r)chr(), basename, ... weird behaviour in some other privileged programs (argc = 0)... enemy:~# ./2b /usr/bin/gpasswd Segmentation fault (core dumped) enemy:~# ./2b /usr/bin/at Segmentation fault (core dumped) enemy:~# ./2b /usr/bin/chage Segmentation fault (core dumped) ...(lots more) never said any of these are exploitable.. -- so much entropy, so little time
Current thread:
- Re: BitchX /ignore bug, (continued)
- Re: BitchX /ignore bug Erich Meier (Jul 11)
- Re: BitchX /ignore bug Ron DuFresne (Jul 07)
- Re: BitchX /ignore bug Juan M. Courcoul (Jul 07)
- remote exploit Jim Stickley (Jul 07)
- Re: remote exploit Bluefish (Jul 08)
- Re: remote exploit Gerardo Richarte (Jul 10)
- Re: BitchX /ignore bug Matthew S. Hallacy (Jul 06)
- Updated Default Account Database Eric Knight (Jul 06)
- Re: Updated Default Account Database Jesus D. Muz@oz Largo (Jul 12)
- Re: Updated Default Account Database Nathan Einwechter (Jul 12)
- some things to play with Firstname Lastname (Jul 13)
- Re: some things to play with Vladimir Dubrovin (Jul 14)
- Re: some things to play with Firstname Lastname (Jul 14)
- Re: some things to play with Vladimir Dubrovin (Jul 17)
- Red Hat Linux 6.2 - VIM 5.6 Paulo Ribeiro (Jul 12)
- Re: BitchX /ignore bug Jeremy Gaddis (Jul 06)
- (NT) When exploit CGI's that allow viewing of files... Marc (Jul 06)
- Re: (NT) When exploit CGI's that allow viewing of files... Blue Boar (Jul 06)