lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Mar 2007 16:55:03 +0100 From: "starcadi starcadi" <starcadi@...il.com> To: bugtraq@...urityfocus.com Subject: Fwd: Python 2.5 (Modules/zlib) minigzip local buffer overflow vulnerability Description: The source of python contain a various modules, the zlib module contain a minigzip tool, ( * minigzip is a minimal implementation of the gzip utility. ). Source error: the error was found in: - void file_compress(file, mode) because the use of strcpy() is inapropriatly -- #define MAX_NAME_LEN 1024 [..] void file_compress(file, mode) char *file; char *mode; { local char outfile[MAX_NAME_LEN]; FILE *in; gzFile out; strcpy(outfile, file); strcat(outfile, GZ_SUFFIX); -- the function file_compress() was called by main() function. Proof of concept: if you want test the vulnerability try: $ minigzip `perl -e "print 'A'x1050"` -- starcadi
Powered by blists - more mailing lists