Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability
From: Vade 79 <v9 () fakehalo deadpig org>
Date: 14 Aug 2003 19:05:19 -0000

In-Reply-To: <20030810011227.5888.qmail () www securityfocus com>

 ssize_t buflen = 50 * strlen(fmt); /* pick a number, any number 
*/.............lol
 *strp = malloc(buflen);

 if (*strp)
 {
   va_list ap;
   va_start(ap, fmt);
   vsnprintf(*strp, buflen, fmt, 
ap);..................................lol

getenv("HOME") >50*strlen(%s/.dsh/dsh.conf)  ......buf overflow......

how do you figure? it uses the same buflen value to limit the amount 
written to the buffer in the vsnprintf call as it was allocated(cept 
didn't add space for the null byte)? am i missing something?


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]