Vulnerability Development mailing list archives
Re: New bugs discovered!
From: Syzop <syz () dds nl>
Date: Mon, 19 Nov 2001 21:02:56 +0100
jnf wrote:
> Am I just stupid? How does that work?
> esp 0xbffff210 0xbffff210
> eip 0x40071a47 0x40071a47
> he didn't even overwrite the esp/eip??

That's right, the crash is because of the free() at gzip.c line 1719:

    if (env != NULL) free(env), env = NULL;

It's trying to free(0x41414141) if you pass a lot of A'z.

However, free() bugs are also exploitable... see for example the two articles (8&9) in the last Phrack (#57).

Syzop.
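Added example, not part of Syzop's post and not gzip's code: a constructed C model of the crash described above, where a long run of 'A' bytes ends up in a pointer that is later handed to free() although no saved eip is touched, next to a bounded copy that leaves the pointer intact. The struct layout, the function names and the assumption that the pointer sits directly behind an unchecked buffer are illustrative; the post does not say how env was overwritten.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout, not gzip's: a fixed buffer followed by a pointer that
 * the program later releases with free(). */
struct state { char name[16]; char *env; };

/* Models a copy with no check against name[]. It is clamped to the whole
 * struct so that the demo itself never writes outside one object. */
static void copy_unchecked(struct state *s, const char *in, size_t len)
{
    if (len > sizeof *s) len = sizeof *s;
    memcpy(s, in, len);
}

/* Bounded copy: refuse input that does not fit name[] plus its terminator. */
static int copy_checked(struct state *s, const char *in, size_t len)
{
    if (len >= sizeof s->name)
        return -1;
    memcpy(s->name, in, len);
    s->name[len] = '\0';
    return 0;
}

/* Returns 1 if every byte of env is 0x41 after the copy (the value free()
 * would then be called with), 0 otherwise. */
int env_becomes_41(int use_checked_copy)
{
    static char real_env[] = "constructed";   /* stands in for a heap block */
    struct state s = { "", real_env };
    char in[64];
    unsigned char raw[sizeof s.env];
    memset(in, 'A', sizeof in);               /* "a lot of A's" */
    if (use_checked_copy)
        (void)copy_checked(&s, in, sizeof in);
    else
        copy_unchecked(&s, in, sizeof in);
    memcpy(raw, &s.env, sizeof raw);          /* inspect bytes, never deref */
    for (size_t i = 0; i < sizeof raw; i++)
        if (raw[i] != 0x41) return 0;
    return 1;
}

int main(void)
{
    printf("unchecked=%d checked=%d\n", env_becomes_41(0), env_becomes_41(1));
}
```

On a 32-bit build the clobbered pointer reads as 0x41414141, the value quoted in the reply; on a 64-bit build it is eight 0x41 bytes.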