Vulnerability Development mailing list archives

Re: /usr/bin/ddate buffer overflow

From: Blue Boar <BlueBoar () THIEVCO COM>
Date: Sat, 10 Feb 2001 12:17:20 -0800

Are any of these setuid?

                        BB

SosPiro wrote:


I found a buffer overflow in /usr/bin/ddate (version unknown) "converts
Gregorian dates to Discordian dates.."
I tested it on my Linux Box (RedHat 6.2)
Look at this:

#ddate +AAAA...x 408
Segmentation Fault (core dumped)

sospiro

Current thread:

/usr/bin/ddate buffer overflow SosPiro (Feb 10)
- Re: /usr/bin/ddate buffer overflow Blue Boar (Feb 10)
  - Re: /usr/bin/ddate buffer overflow enthh () FLASH NET (Feb 10)
    - ftp.exe buffer overflow ? cyber_hunter (Feb 10)
    - Re: ftp.exe buffer overflow ? Riley Hassell (Feb 10)
    - Re: ftp.exe buffer overflow ? Mike Duncan (Feb 11)
    - Re: ftp.exe buffer overflow ? Egemen Tas (Feb 11)
    - Re: ftp.exe buffer overflow ? Perry Harrington (Feb 11)
    - Re: ftp.exe buffer overflow ? Michal Zalewski (Feb 11)
    - Re: ftp.exe buffer overflow ? Riley Hassell (Feb 15)
    - Re: ftp.exe buffer overflow ? Michal Zalewski (Feb 15)
    - Re: ftp.exe buffer overflow ? Benjamin Branch (Feb 15)

(Thread continues...)