Vulnerability Development mailing list archives
Re: m4 and format strings
From: "Samy Kamkar [CommPort5]" <CommPort5 () LucidX com>
Date: Wed, 27 Jun 2001 08:58:10 -0700
Also, testing on my machine (fbsd) I just get: m4: %x,%x,%x,%x,%x,%x,%x: No such file or directory
Also checked gm4 on my fbsd machine and it is vuln, but is anyone aware of any other programs that depend on m4/gm4? I don't know of any other ways something like this could be exploited.. bash$ ls -l `which m4` -r-xr-xr-x 1 root wheel 16528 Oct 9 2000 /usr/bin/m4 bash$ ls -l `which gm4` -r-xr-xr-x 1 root wheel 78724 Apr 17 2000 /usr/local/bin/gm4 bash$ m4 %x,%x,%x,%x,%x,%x,%x m4: %x,%x,%x,%x,%x,%x,%x: No such file or directory bash$ gm4 --version GNU m4 1.4 bash$ gm4 %x,%x,%x,%x,%x,%x,%x gm4: 8049495,2,bfbffc40,bfbffc4c,28070100,bfbffc38,2805d329: No such file or directory -- Samy Kamkar -- (877) 898-1424 -- CommPort5 () LucidX com LucidX.com / pdump.org / LA.pm.org
Current thread:
- m4 and format strings KF (Jun 26)
- Re: m4 and format strings Jarno Huuskonen (Jun 27)
- Re: m4 and format strings Samy Kamkar [CommPort5] (Jun 27)
- Re: m4 and format strings Robert van der Meulen (Jun 27)
- Re: m4 and format strings Samy Kamkar [CommPort5] (Jun 27)
- Re: m4 and format strings KF (Jun 27)
- Re: m4 and format strings Matt Zimmerman (Jun 27)
- Re: m4 and format strings Robert van der Meulen (Jun 27)