Vulnerability Development mailing list archives

vim buffer overflow


From: Izik <izik () tty64 org>
Date: Sun, 11 Nov 2001 12:58:27 +0200

Hello

I've taken a closer look at this vim buffer overflow, and it seems that the data you input or pass through as an arg. has no effect on the ret (eip register) address. This means it can't be used to build an exploit for it.

What does look weird is that part of the buffer is basically your current directory.

[ my box ]

(root@izik [~])# uname -a
Linux izik 2.2.19 #93 Thu Jun 21 01:09:03 PDT 2001 i686 unknown
(root@izik [~])# cat /etc/slackware-version
8.0.0 (åtta)
(root@izik [~])#

[ the overflow ]

(gdb) r `perl -e 'print "A" x 9000'`
Starting program: /usr/bin/vim `perl -e 'print "A" x 9000'`
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x403b0434 in strcat (dest=0x810ee88 "/root/", 'A' <repeats 194 times>...,
src=0x8100cb8 'A' <repeats 200 times>...) at ../sysdeps/generic/strcat.c:46
46      ../sysdeps/generic/strcat.c: No such file or directory.
(gdb)

izik @ http://www.tty64.org.
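The gdb frame above shows the crash inside strcat() with dest already holding the current directory ("/root/") followed by the argument, i.e. a path is being built as cwd + "/" + arg with no bound. The following is an added example, not code from Izik's post and not vim's source: a reconstruction of that unsafe pattern next to a bounded version that refuses input that does not fit. The buffer size PATHBUF, the helper names, and the cwd "/root" are assumptions for illustration only.

```c
/* Added example, not from the post or from vim's source: reconstruction of the
 * strcat() pattern visible in the gdb output (dest = cwd + "/" + argument,
 * appended without a bound), next to a bounded version. PATHBUF, the helper
 * names and the cwd "/root" are assumptions for illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATHBUF 256 /* assumed fixed-size destination; vim's real size is not on the page */

/* Vulnerable pattern: nothing checks that cwd + "/" + arg fits in dest.
 * With a long arg it writes past the end of dest, which is what the
 * SIGSEGV inside strcat() in the post shows. Only called here with
 * inputs known to fit. */
static int join_unsafe(char *dest, const char *cwd, const char *arg)
{
    strcpy(dest, cwd);
    strcat(dest, "/");
    strcat(dest, arg);   /* overflow point for an oversized arg */
    return 0;
}

/* Hardened version: compute the required length first and refuse anything
 * that does not fit, then build with snprintf, which never writes more than
 * destsz bytes and always NUL-terminates.
 * Returns 0 on success, -1 when the joined path would not fit. */
static int join_bounded(char *dest, size_t destsz, const char *cwd, const char *arg)
{
    size_t need = strlen(cwd) + 1 + strlen(arg) + 1; /* "/" and NUL */
    if (destsz == 0 || need > destsz)
        return -1;
    int n = snprintf(dest, destsz, "%s/%s", cwd, arg);
    return (n < 0 || (size_t)n >= destsz) ? -1 : 0;
}

/* Builds the constructed test input from the post: n copies of 'A'.
 * Caller frees the result. */
static char *make_arg(size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL)
        return NULL;
    memset(s, 'A', n);
    s[n] = '\0';
    return s;
}

int main(void)
{
    char path[PATHBUF];
    char *big = make_arg(9000); /* same length as perl -e 'print "A" x 9000' */

    if (big == NULL)
        return 1;

    join_unsafe(path, "/root", "notes.txt"); /* fits, so harmless here */
    printf("unsafe, short arg : %s\n", path);

    printf("bounded, short arg: rc=%d %s\n",
           join_bounded(path, sizeof path, "/root", "notes.txt"), path);

    /* The 9000-byte argument is rejected instead of overrunning the buffer. */
    printf("bounded, 9000 A's : rc=%d\n",
           join_bounded(path, sizeof path, "/root", big));

    free(big);
    return 0;
}
```

The length check before the copy is the point: because the destination already contains the current directory, the amount of room left for the argument depends on where the program was started, so a fixed-size buffer has to be checked against the combined length, not against the argument alone.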

