[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

lynx-dev Re: Netscape 4.7 argument bug

From: Mixter
Subject: lynx-dev Re: Netscape 4.7 argument bug
Date: Sat, 8 Jan 2000 14:48:04 +0100 (CET)

It seems that the netscape problem found by darkspyrit (oversized
arguments to CGI's via GET) might also be a vulnerability issue in
other browser software. For fun, I tried accessing the sample exploit
page at
with lynx, and nothing happened, but when I tried saving the page
(default key 'p') to disk, it got a segv..
this happened using version 2.8.1pre.9

Here is a backtrace from the lynx core file:
(gdb) bt
#0  0x1ad811 in __kill ()
#1  0x1ad63f in raise (sig=6) at ../sysdeps/posix/raise.c:27
#2  0x1ae84f in abort () at ../sysdeps/generic/abort.c:83
#3  0x80602e8 in _start ()
#4  0xc0de0001 in ?? ()

mkdir -p `perl -e 'printf "a/" x 1000'`

reply via email to

[Prev in Thread] Current Thread [Next in Thread]