[34940] in bugtraq
Re: Buffer Overflow in ActivePerl?
daemon@ATHENA.MIT.EDU (Axel Beckert)
Tue May 18 13:36:19 2004
Date: Tue, 18 May 2004 11:03:40 +0200
From: Axel Beckert <beckert@ecos.de>
To: "Oliver@greyhat.de" <Oliver@greyhat.de>
Cc: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com
Message-ID: <20040518090339.GA15384@ecos.de>
Mail-Followup-To: "Oliver@greyhat.de" <Oliver@greyhat.de>,
full-disclosure@lists.netsys.com, bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <40A91F5C.6060408@greyhat.de>
Hi!
Am Mon, May 17, 2004 at 10:23:56PM +0200, Oliver@greyhat.de schrieb:
> i played around with ActiveState's ActivePerl for Win32, and crashed
> Perl.exe with the following command:
>
> perl -e "$a="A" x 256; system($a)"
>
> I wonder if this bug isnt known?!? Because system() is a very common
> command....
> Can anybody reproduce this?
I can confirm this for Perl v5.8.0 built for MSWin32-x86-multi-thread
(Binary build 805 provided by ActiveState Corp.) on W2K.
My first thought was that the nested double-quotes maybe the reason,
but even
perl -e "$a='A' x 256; system($a)"
crashes.
perl -e "system('A'x256)"
chrashes also btw.
Kind regards, Axel Beckert
--
-------------------------------------------------------------
Axel Beckert ecos electronic communication services gmbh
it security solutions * web applications with apache and perl
Mail: Tulpenstrasse 5 D-55276 Dienheim near Mainz
E-Mail: beckert@ecos.de Voice: +49 6133 939-220
WWW: http://www.ecos.de/ Fax: +49 6133 939-333
-------------------------------------------------------------
