Re: Buffer Overflow in ActivePerl ?

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Buffer Overflow in ActivePerl ?
From: <noderat@xxxxxxxxxxx>
Date: 19 May 2004 04:10:49 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

In-Reply-To: <40AAB885.10935.31071242@localhost>

>Looks like full control of EIP...
>
>However, there is not likely to be a privilege escalation here unless 
>perhaps a script processor on a web server can be cajoled into doing 
>something with this??  (Not at all familiar with the innards of Windows 
>web servers and their relationship to their CGI, etc processors...)
>
>
>-- 
>Nick FitzGerald
>Computer Virus Consulting Ltd.
>Ph/FAX: +64 3 3529854
>
>

Unethical intruders don't always require "privilege escalation", executing code 
on another system is enough, depending on the goal.

Networks where say developers are sharing source tree's and the like, placing a 
hostile piece of code in the central store will allow remote code execution on 
the developer nodes.

Other registers other than EIP can be written, depending on the version, 
however we need not rely on EIP to allow for a buffer overflow exploit, we 
don't "need" to overwrite any register in fact to execute code, only to cause a 
buffer overflow  >;]

cheers

Prev by Date: Re: Buffer Overflow in ActivePerl ?
Next by Date: MDKSA-2004:047 - Updated kdelibs packages fix URI handling vulnerabilities
Previous by thread: Re: Buffer Overflow in ActivePerl ?
Next by thread: RE: Buffer Overflow in ActivePerl ?
Index(es):
- Date
- Thread