lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 May 2004 08:36:24 -0400
From: "steven.mcdonald" <steven.mcdonald@...ightbb.com>
To: <Oliver@...yhat.de>, <full-disclosure@...ts.netsys.com>
Cc: <bugtraq@...urityfocus.com>
Subject: (no subject)
Oliver,
Quickly testing the below string at the command line does crash perl.exe. I have ActivePerl 5.8.0 Build 805 install on a Windows 2000 machine.
perl -e "$a="A" x 256; system($a)"
-----Original Message-----
From: Oliver@...yhat.de [mailto:Oliver@...yhat.de]
Sent: Monday, May 17, 2004 4:24 PM
To: full-disclosure@...ts.netsys.com
Cc: bugtraq@...urityfocus.com
Subject: Buffer Overflow in ActivePerl ?
hi folks,
i played around with ActiveState's ActivePerl for Win32, and crashed
Perl.exe with the following command:
perl -e "$a="A" x 256; system($a)"
I wonder if this bug isnt known?!? Because system() is a very common
command....
Can anybody reproduce this?
I put together a little advisory on my website, including version
information and a debugger output (Drwatson):
http://www.oliverkarow.de/research/ActivePerlSystemBOF.txt
PS: Due to travel activity, i will not be able to respond to mails
within the next 8 days!
Regards,
Oliver
Content of type "text/html" skipped
Powered by blists - more mailing lists