Vulnerability Development mailing list archives
VIM Buffer Overflow
From: Aramis Orlando <aramis () easynet ro>
Date: 16 Feb 2002 02:02:53 -0000
==========================================
= VI Overflow Tested in RedHat 7.0/7.1/7.2 =
=----------------------------------------=
= Author: Andrew Tofan                   =
=----------------------------------------=
= Email: aramis () easynet ro            =
=----------------------------------------=
==========================================

I've found a problem in vi, which is located in /bin/vi. Here are some tests I've made in <<VIM version 5.7.8>>.

Take a look at my test:

[root@softly /root]# vi -t "`perl -e 'printf "A"x9000'`"
[root@softly /root]# gdb vi core

gdb output:
==========
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libtermcap.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libtermcap.so.2
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
#0  0x80644a7 in strcpy () at ../sysdeps/generic/strcpy.c:31
31      ../sysdeps/generic/strcpy.c: No such file or directory.

Then take a look at the registers:
====================================
(gdb) info registers
eax            0x41414141       1094795585
ecx            0x41414141       1094795585
edx            0x1      1
ebx            0x1      1
esp            0xbfffd1c4       0xbfffd1c4
ebp            0xbfffd1dc       0xbfffd1dc
esi            0x41414141       1094795585
edi            0x0      0
eip            0x80644a7        0x80644a7
eflags         0x10206  66054
cs             0x23     35
ss             0x2b     43
ds             0x2b     43
es             0x2b     43
fs             0x2b     43
gs             0x2b     43
fctrl          0x0      0
fstat          0x0      0
ftag           0x0      0
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0

I didn't waste my time writing an exploit because of this:

-rwxr-xr-x    1 root     root       361852 Aug  7  2000 /bin/vi

--==Aramis==--
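The bug class behind the crash above is an unbounded strcpy() of the -t argument into a fixed-size buffer. The following is an added C illustration, not VIM's code and not the poster's: TAG_MAX is an assumed buffer size, set_tag_unsafe shows the copy pattern that lets a 9000-byte tag name run past the buffer (and is deliberately never called with such input), and set_tag_safe is the bounded replacement that measures the argument first and rejects anything that does not fit including the terminating NUL.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed fixed buffer size for the tag name; stands in for whatever size
 * the real program used. The copy pattern, not the number, is the point. */
#define TAG_MAX 64

/* Vulnerable pattern: the -t argument is attacker-controlled and of any
 * length, yet it is copied with strcpy into a TAG_MAX-byte stack buffer.
 * A 9000-byte argument overwrites whatever follows the buffer, which is
 * how 0x41414141 ends up in registers as in the gdb session above.
 * Shown for reading; main() never calls it. */
static void set_tag_unsafe(const char *arg)
{
    char tag[TAG_MAX];
    strcpy(tag, arg);            /* no length check: stack overflow */
    printf("tag = %s\n", tag);
}

/* Hardened version: check the length against the destination size before
 * copying, and copy with an explicit byte count. Returns 0 on success and
 * -1 if the argument (plus its NUL) does not fit, leaving out untouched. */
static int set_tag_safe(const char *arg, char *out, size_t outsz)
{
    size_t n = strlen(arg);
    if (outsz == 0 || n >= outsz)
        return -1;               /* would not fit including the NUL */
    memcpy(out, arg, n + 1);     /* bounded copy, NUL included */
    return 0;
}

/* Constructed input mirroring the post: len bytes of 'A'. Caller frees. */
static char *make_payload(size_t len)
{
    char *p = malloc(len + 1);
    if (p == NULL)
        return NULL;
    memset(p, 'A', len);
    p[len] = '\0';
    return p;
}

/* Self-check: a normal tag and a TAG_MAX-1 byte tag are accepted, while a
 * TAG_MAX byte tag and the 9000-byte one are rejected. Returns 1 if all
 * four hold, 0 otherwise. */
static int demo_bounded_copy(void)
{
    char tag[TAG_MAX];
    char *fits = make_payload(TAG_MAX - 1);
    char *edge = make_payload(TAG_MAX);
    char *big  = make_payload(9000);
    int ok = fits != NULL && edge != NULL && big != NULL
          && set_tag_safe("main", tag, sizeof tag) == 0
          && strcmp(tag, "main") == 0
          && set_tag_safe(fits, tag, sizeof tag) == 0
          && strlen(tag) == TAG_MAX - 1
          && set_tag_safe(edge, tag, sizeof tag) == -1
          && set_tag_safe(big, tag, sizeof tag) == -1;
    free(fits);
    free(edge);
    free(big);
    return ok;
}

int main(int argc, char **argv)
{
    char tag[TAG_MAX];
    const char *arg = argc > 1 ? argv[1] : "main";   /* as in: vi -t main */

    if (set_tag_safe(arg, tag, sizeof tag) == 0)
        printf("tag = %s\n", tag);
    else
        fprintf(stderr, "tag name too long (max %d bytes)\n", TAG_MAX - 1);

    printf("bounded copy self-check: %s\n", demo_bounded_copy() ? "ok" : "FAILED");
    (void)set_tag_unsafe;        /* intentionally not called */
    return 0;
}
```

Run it as `./a.out "$(perl -e 'printf "A"x9000')"` to see the long argument rejected instead of crashing. The poster's closing point still stands: the copy is a real bug, but with /bin/vi at mode 0755 and no setuid bit, overflowing it only lets a user crash their own process, so the fix matters for robustness and for any setuid or network-facing wrapper rather than for local privilege escalation.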
Current thread:
- VIM Buffer Overflow Aramis Orlando (Feb 15)
- Re: VIM Buffer Overflow KF (Feb 16)
- Re: VIM Buffer Overflow Felipe Cerqueira (Feb 17)
- Re: VIM Buffer Overflow KF (Feb 16)