[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
integer overflow in /bin/ls
|
From: |
Georgi Guninski |
|
Subject: |
integer overflow in /bin/ls |
|
Date: |
Sun, 12 Oct 2003 22:46:46 +0300 |
Hi,
There is a non exploitable integer overflow in /bin/ls.
Check the following:
/opt/bin/valgrind /bin/ls -w 1073741828 -C
==21243== Invalid write of size 4
==21243== at 0x804E498: (within /bin/ls)
==21243== by 0x804CC3C: (within /bin/ls)
==21243== by 0x804B721: (within /bin/ls)
==21243== by 0x8049F74: (within /bin/ls)
==21243== Address 0x41430CC8 is 8 bytes after a block of size 8 alloc'd
==21243== at 0x40160504: malloc (vg_clientfuncs.c:100)
==21243== by 0x80534D0: (within /bin/ls)
==21243== by 0x804E4FB: (within /bin/ls)
==21243== by 0x804CC3C: (within /bin/ls)
The heap is quite screwed, but ls is killed by the kernel due to memory usage.
Probably ls should not accept big ints after -w.
As a side effect this causes temporary DoS in wu-ftpd.
georgi
- integer overflow in /bin/ls,
Georgi Guninski <=