RE: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv
From: David Endler (dendler@idefense.com)Date: 09/26/02
- Previous message: Martin Schulze: "[SECURITY] [DSA 149-2] New glibc packages fix"
- Maybe in reply to: David Endler: "iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: David Endler <dendler@idefense.com> To: Boris Veytsman <borisv@lk.net> Date: Thu, 26 Sep 2002 11:22:09 -0600 (MDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Boris,
> Does not work for me:
>
> boris@reston-0491:~/convert$ gv -v
> gv 3.5.8 (debian)
> boris@reston-0491:~/convert$ gv gv-exploit.pdf
> Segmentation fault
> boris@reston-0491:~/convert$ ls -al /tmp/itworked
> ls: /tmp/itworked: No such file or directory
I'll quote from the advisory:
"A proof of concept exploit for Red Hat Linux designed by zen-parse
is..."
^^^^^^^^^^^^^
Other OS specific exploits (i.e. Debian, etc.) with the proper
alignments and offsets I imagine would be trivial to create.
- -dave
David Endler, CISSP
Director, Technical Intelligence
iDEFENSE, Inc.
14151 Newbrook Drive
Suite 100
Chantilly, VA 20151
voice: 703-344-2632
fax: 703-961-1071
dendler@idefense.com
www.idefense.com
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1.2
Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4B0ACC2A
iQA/AwUBPZNNy0rdNYRLCswqEQKl2QCffXscc4fz8HreXgVRMnXtPa3r9u4An2xY
Tkg2H+btMUk0zd4/Vy/u9iru
=b6Oz
-----END PGP SIGNATURE-----
- Previous message: Martin Schulze: "[SECURITY] [DSA 149-2] New glibc packages fix"
- Maybe in reply to: David Endler: "iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
