[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv
From:       Boris Veytsman <borisv () lk ! net>
Date:       2002-09-26 17:44:56
[Download RAW message or body]

> From: David Endler <dendler@idefense.com>
> Date: Thu, 26 Sep 2002 08:58:48 -0600 (MDT)

> 
> A proof of concept exploit for Red Hat Linux designed by zen-parse is
> attached to this message.  It packages the overflow and shellcode in
> the "%%PageOrder:" section of the PDF.
> 
> [root@victim]# ls -al /tmp/itworked 
> /bin/ls: /tmp/itworked: No such file or directory 
> [root@victim]# gv gv-exploit.pdf 
> [root@victim]# ls -al /tmp/itworked 
> - -rw-r--r-- 1 root root 0 Aug 22 16:50 /tmp/itworked
> [root@victim]# 
> 

Does not work for me:

boris@reston-0491:~/convert$ gv -v
gv 3.5.8 (debian)
boris@reston-0491:~/convert$ gv gv-exploit.pdf 
Segmentation fault
boris@reston-0491:~/convert$ ls -al /tmp/itworked
ls: /tmp/itworked: No such file or directory

-- 
Good luck

-Boris

By long-standing tradition, I take this opportunity to savage other
designers in the thin disguise of good, clean fun.
		-- P.J. Plauger, "Computer Language", 1988, April
		   Fool's column.
[prev in list] [next in list] [prev in thread] [next in thread]