On Thu, Dec 08, 2005 at 12:41:02PM -0800, Charles Stevenson wrote:
>[EMAIL PROTECTED]:~$ perl -e 'printf("%2918905856\$vs")'
>Segmentation fault
>
>I haven't had time yet but I imagine it might be possible to gain root
>through perl-suid.

This is not a buffer overflow.  You're causing a SEGV by attempting to
address a non-existent argument to printf.  You don't need a large
number to do this--the same happens with:

    perl -e 'printf q/%1$vs/'

Addressing memory (or the failure to do so) is not a security risk in
the same way that a buffer overflow is: the program simply aborts as
opposed to continuing to run, potentially executing exploit code.

It may be worth considering bounds-checking the index to svargs, if
only to produce a more meaningful error than "Segmentation fault".

--bod
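
The bounds check suggested in the reply above, sketched in C as an added example; it is not part of the original message and is not Perl's source. The function name, the status codes and the argument-count parameter are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this sketch; not Perl's internals. */
enum idx_status { IDX_OK, IDX_NOT_EXPLICIT, IDX_OVERFLOW, IDX_OUT_OF_RANGE };

/*
 * Parse the "N$" explicit-argument index that follows '%' in a format
 * directive and validate it against the number of arguments supplied.
 * On IDX_OK, *slot receives the zero-based argument slot.
 */
enum idx_status check_arg_index(const char *spec, size_t nargs, size_t *slot)
{
    size_t n = 0;
    const char *p = spec;

    if (*p != '%')
        return IDX_NOT_EXPLICIT;
    p++;
    if (*p < '0' || *p > '9')
        return IDX_NOT_EXPLICIT;
    for (; *p >= '0' && *p <= '9'; p++) {
        size_t d = (size_t)(*p - '0');
        if (n > (SIZE_MAX - d) / 10)   /* n*10 + d would wrap around */
            return IDX_OVERFLOW;
        n = n * 10 + d;
    }
    if (*p != '$')
        return IDX_NOT_EXPLICIT;       /* digits were a width, not an index */
    if (n == 0 || n > nargs)           /* explicit indexes are 1-based */
        return IDX_OUT_OF_RANGE;
    *slot = n - 1;
    return IDX_OK;
}

int main(void)
{
    /* Constructed inputs: the two format strings from the thread, no args. */
    size_t slot = 0;
    printf("%d\n", (int)check_arg_index("%2918905856$vs", 0, &slot));
    printf("%d\n", (int)check_arg_index("%1$vs", 0, &slot));
    printf("%d\n", (int)check_arg_index("%2$vs", 2, &slot));
    return 0;
}
```

A caller would turn IDX_OUT_OF_RANGE or IDX_OVERFLOW into a diagnostic naming the bad index rather than dereferencing the slot.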

