RE: A different bash blues
From: Adam Gilmore (vuln@optusnet.com.au)
Date: 02/16/03
- Previous message: spacewalker: "Re: glibc glob_filename() recurse call stack overflow (Re[2]: Bash Blues)"
- In reply to: admin@badger.sytes.net: "A different bash blues"
- Next in thread: Adam Gilmore: "RE: Bash Blues."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Adam Gilmore" <vuln@optusnet.com.au> To: <vuln-dev@securityfocus.com> Date: Mon, 17 Feb 2003 00:28:50 +1000
I would assume this is also because of a recursive function filling up
the stack (it segfaults on my Debian 3.0 on a push %edi in malloc()). I
don't know how exploitable this is at all.
-----Original Message-----
From: admin@badger.sytes.net [mailto:admin@badger.sytes.net]
Sent: Saturday, 15 February 2003 11:49 AM
To: vuln-dev@securityfocus.com
Subject: A different bash blues
In relation to the Bash Blues thread, I have something that may be of
interest.
eval `perl -e 'print ":;" x 97500'`
This causes bash to crash too sig 11. I don't know if this means
anything
or not, but who knows, it may be useful to someone else. The number
97500
is most likely a lot higher that it needs to be but I have noticed that
when I have tried this on different machines, it takes slightly
different
amounts of :; to get it to crash.
- Next message: argv@hushmail.com: "[argv] BitchX-353 Vulnerability"
- Previous message: spacewalker: "Re: glibc glob_filename() recurse call stack overflow (Re[2]: Bash Blues)"
- In reply to: admin@badger.sytes.net: "A different bash blues"
- Next in thread: Adam Gilmore: "RE: Bash Blues."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
