in reply to
Searching for sprintf() bug exploit opportunities in core and CPAN modules
Alright... time for me to admit my ineptitude. Whenever I see stuff like this, I can usually follow only for a little bit. In this case, I followed the link to the advisory and understand that if you put a length specifier larger than MAX_INT in a format string, something bad happens. After that, though, I get a bit lost in their use of gdb to "demonstrate" the bug. Is there some way to dumb it down for a guy like me without providing something for script kiddies?
The only easy day was yesterday