cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: 6.5.2 buffer overflow.

From: Janne Johansson <jj_at_dynarc.se>
Date: Tue, 09 May 2000 15:18:04 +0200

> On Tue, 9 May 2000, Janne Johansson wrote:
>
> > Unfortunately, it's non-exploitable as far as I can see on OpenBSD-m68k.
> > ;-)
>
> Confirmed flaw.
>
> Since it isn't overwriting the stack, the risk is a lot smaller for an
> exploit. I can't tell for sure for all kinds of weird hardware architectures
> though.
>
> This would only be of any actual risk if there are people running curl within
> suid scripts invoked by users.

I was only kidding, but I did check where those "A"'s went, and it
wasn't to the PC, though loads of other cpu registers contained
0x41414141.

-- 
Allt är under kontroll, och Caps lock är bredvid. 
Received on 2000-05-09