PerlMonks  

Re: Searching for sprintf() bug exploit opportunities in core and CPAN modules

by thor (Priest)
on Dec 02, 2005 at 12:35 UTC (#513576)


in reply to Searching for sprintf() bug exploit opportunities in core and CPAN modules

Alright...time for me to admit my ineptitude. Whenever I see stuff like this, I can usually follow only for a little bit. In this case, I followed the link to the advisory and understand that if you put a length specifier larger than MAX_INT in a format string, something bad happens. After that, though, I get a bit lost in their use of gdb to "demonstrate" the bug. Is there some way to dumb it down for a guy like me without providing something for script kiddies?

thor

The only easy day was yesterday

Replies are listed 'Best First'.
Re^2: Searching for sprintf() bug exploit opportunities in core and CPAN modules
by creamygoodness (Curate) on Dec 02, 2005 at 17:49 UTC
Re^2: Searching for sprintf() bug exploit opportunities in core and CPAN modules
by diotalevi (Canon) on Dec 02, 2005 at 20:02 UTC