Vulnerability Development mailing list archives

Re: man -K overflow


From: John <johns () TAMPABAY RR COM>
Date: Wed, 14 Feb 2001 18:14:26 -0500

This doesn't apply to Debian 2.3 because -K isn't a switch.
Though a valid switch is -k, it's not affected by this.

john@nbs:/usr/local/$ man -K `perl -e '{print "A"x"8285"}'`
man: invalid option -- K

"enthh () FLASH NET" wrote:

man crashes when too many characters (around 8300) are passed thru the
-K option (tested in Slackware 7.0.0).

$ man -K `perl -e '{print "A"x"8285"}'`
Segmentation fault (core dumped)
$

It isn't exploitable, as the buffer is modified before it segv's.

enthh

