'[Full-Disclosure] THREATCON segv until scripts are fixed'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-Disclosure] THREATCON segv until scripts are fixed
From:       silvio () big ! net ! au
Date:       2002-09-30 5:28:04
[Download RAW message or body]

A quick note to say that THREATCON will be inactive until we fix some scripts.

It appears that due to a buffer on the stack (env_argv) not having bounds
checking, our threatcon evaluation software segv'd -->

	cat /dev/urandom | bc script
	echo THREATCON: CAUTIOUSLY MOVING WITH EARS TO THE GROUND

foo="";i=0;while [ $i -lt 100 ]; do foo="a $foo"; ((i=$i+1)); done; export BC_ENV_ARGS=$foo; bc

apologies for bash specific features above

--
Silvio
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic