
Re: slocate vulnerability

From: Gregory Duchemin <c3rb3r(at)hotmail.com>
Date: Sun Feb 02 2003 - 14:46:32 EST
In-Reply-To: <001101c2c794$d8e308c0$fb3331d2@ADAM>

hello list
for the sole purpose of completeness, another sig11 occurs when calling slocate 2.6.1 with -r `perl -e "print stdout a x 655026"`; such a big regex forces regcomp (from the GNU regex lib) to return an error code and slocate to call regerror with errbuf as a third parameter. Because slocate omits to malloc any memory for errbuf but claims it has 1024 chars, and regerror doesn't check errbuf, regerror tries to write to a null pointer and simply crashes with a segmentation violation. But segfaults are not always symptoms of buffer overflows; indeed, the reason is precisely the lack of a buffer.
cheers.

Gregory

>
>Below is an advisory on a buffer overflow in slocate 2.6.1. I can't
Received on Sun Feb 2 23:15:06 2003
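
The regerror misuse described in the message above, next to a sizing pattern that avoids it. This is an added example, not part of the original post and not slocate's code; `compile_checked` is a hypothetical helper name and the failing pattern `"("` is constructed for the demonstration.

```c
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Call shape described in the post (shown as a comment only, never run):
 *     char *errbuf = NULL;               -- no memory behind the pointer
 *     regerror(rc, &re, errbuf, 1024);   -- size claim does not match
 * regerror trusts the size argument, so it writes through the NULL pointer.
 */

/* Hypothetical helper: compile `pattern` into `re`. On failure, *msg_out
 * receives a heap-allocated error string (caller frees); on success it is
 * NULL and the caller must regfree(re). Returns regcomp's result code. */
int compile_checked(const char *pattern, regex_t *re, char **msg_out)
{
    *msg_out = NULL;
    int rc = regcomp(re, pattern, REG_EXTENDED | REG_NOSUB);
    if (rc == 0)
        return 0;

    /* With a size of 0, regerror writes nothing and returns the number of
     * bytes the message needs, terminating NUL included. */
    size_t need = regerror(rc, re, NULL, 0);
    char *buf = malloc(need);
    if (buf == NULL)
        return rc;              /* report the failure code without a message */
    regerror(rc, re, buf, need);
    *msg_out = buf;
    return rc;
}

int main(void)
{
    regex_t re;
    char *msg;
    /* Constructed input: an unmatched parenthesis makes regcomp fail. */
    if (compile_checked("(", &re, &msg) != 0) {
        fprintf(stderr, "regcomp failed: %s (%zu bytes)\n",
                msg ? msg : "(out of memory)", msg ? strlen(msg) + 1 : 0);
        free(msg);
        return 1;
    }
    regfree(&re);
    return 0;
}
```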

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:37 EDT

