Bugtraq: Re: PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability

From: Vade 79 <v9 () fakehalo deadpig org>
Date: 14 Aug 2003 19:05:19 -0000

In-Reply-To: <20030810011227.5888.qmail () www securityfocus com>

 ssize_t buflen = 50 * strlen(fmt); /* pick a number, any number 
*/.............lol
 *strp = malloc(buflen);

 if (*strp)
 {
   va_list ap;
   va_start(ap, fmt);
   vsnprintf(*strp, buflen, fmt,

ap);..................................lol

getenv("HOME") >50*strlen(%s/.dsh/dsh.conf)  ......buf overflow......


how do you figure? it uses the same buflen value to limit the amount 
written to the buffer in the vsnprintf call as it was allocated(cept 
didn't add space for the null byte)? am i missing something?

By Date By Thread

Current thread:

PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability yan feng (Aug 11)
- <Possible follow-ups>
- Re: PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability Vade 79 (Aug 14)