('binary' encoding is not supported, stored as-is) Netric Security Team - http://www.netric.org by sacrine GNU Awk 3.1.0 Type: Stackoverflow Priority: 3 [01] Description [02] Proof of concept [03] Vendor response [01] Description GNU Awk(gawk) is a pattern scanning and processing language and implementation of the AWK programming language available at http://www.gnu.org The stackoverflow is discovered and tested against Gawk 3.1.0 on redhat 7.2 and slackware 8.0 the bug still exist after upgrading to the latest gawk package the problem: an unchecked buffer in the -f option [02] Proof of concept A proof of concept exploit can be found at: http://www.netric.org/advisories/gawk_expl.c written by eSDee [03] Vendor response The vendor is informed, but has not responded yet.
This archive was generated by hypermail 2b30 : Wed Apr 17 2002 - 10:52:46 PDT