Re: m4 and format strings

From: Samy Kamkar [CommPort5] (CommPort5at_private)
Date: Wed Jun 27 2001 - 08:58:10 PDT

Next message: Vladimir Kraljevic: "RE: Getting passwords from the heap?"

Previous message: Robert van der Meulen: "Re: m4 and format strings"
In reply to: Robert van der Meulen: "Re: m4 and format strings"
Next in thread: KF: "Re: m4 and format strings"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > Also, testing on my machine (fbsd) I just get:
> > m4: %x,%x,%x,%x,%x,%x,%x: No such file or directory
Also checked gm4 on my fbsd machine and it is vuln, but is anyone aware
of any other programs that depend on m4/gm4?  I don't know of any other
ways something like this could be exploited..

bash$ ls -l `which m4`
-r-xr-xr-x  1 root  wheel  16528 Oct  9  2000 /usr/bin/m4
bash$ ls -l `which gm4`
-r-xr-xr-x  1 root  wheel  78724 Apr 17  2000 /usr/local/bin/gm4
bash$ m4 %x,%x,%x,%x,%x,%x,%x
m4: %x,%x,%x,%x,%x,%x,%x: No such file or directory
bash$ gm4 --version
GNU m4 1.4
bash$ gm4 %x,%x,%x,%x,%x,%x,%x
gm4: 8049495,2,bfbffc40,bfbffc4c,28070100,bfbffc38,2805d329: No such
file or directory

-- 
Samy Kamkar -- (877) 898-1424 -- CommPort5at_private
LucidX.com / pdump.org / LA.pm.org

Next message: Vladimir Kraljevic: "RE: Getting passwords from the heap?"
Previous message: Robert van der Meulen: "Re: m4 and format strings"
In reply to: Robert van der Meulen: "Re: m4 and format strings"
Next in thread: KF: "Re: m4 and format strings"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 27 2001 - 10:56:43 PDT