lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 May 2004 11:03:40 +0200 From: Axel Beckert <beckert@...s.de> To: "Oliver@...yhat.de" <Oliver@...yhat.de> Cc: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com Subject: Re: Buffer Overflow in ActivePerl? Hi! Am Mon, May 17, 2004 at 10:23:56PM +0200, Oliver@...yhat.de schrieb: > i played around with ActiveState's ActivePerl for Win32, and crashed > Perl.exe with the following command: > > perl -e "$a="A" x 256; system($a)" > > I wonder if this bug isnt known?!? Because system() is a very common > command.... > Can anybody reproduce this? I can confirm this for Perl v5.8.0 built for MSWin32-x86-multi-thread (Binary build 805 provided by ActiveState Corp.) on W2K. My first thought was that the nested double-quotes maybe the reason, but even perl -e "$a='A' x 256; system($a)" crashes. perl -e "system('A'x256)" chrashes also btw. Kind regards, Axel Beckert -- ------------------------------------------------------------- Axel Beckert ecos electronic communication services gmbh it security solutions * web applications with apache and perl Mail: Tulpenstrasse 5 D-55276 Dienheim near Mainz E-Mail: beckert@...s.de Voice: +49 6133 939-220 WWW: http://www.ecos.de/ Fax: +49 6133 939-333 ------------------------------------------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists