http://www.perlmonks.org?node_id=513576


in reply to Searching for sprintf() bug exploit opportunities in core and CPAN modules

Alright...time for me to admit my ineptitude. Whenever I see stuff like this, I can usually follow only for a little bit. In this case, I followed the link to the advisory and understand that if you put a length specifier larger than MAX_INT in a format string, something bad happens. After that, though, I get a bit lost in their use of gdb to "demonstrate" the bug. Is there some way to dumb it down for a guy like me without providing something for script kiddies?

thor

The only easy day was yesterday

Re^2: Searching for sprintf() bug exploit opportunities in core and CPAN modules
by creamygoodness (Curate) on Dec 02, 2005 at 17:49 UTC
Re^2: Searching for sprintf() bug exploit opportunities in core and CPAN modules
by diotalevi (Canon) on Dec 02, 2005 at 20:02 UTC