Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam  Beyond Security  SecuriTeam Home  Ask the Team  Mailing Lists  Advertising Info  Blogs  Black Box Testing  Vulnerability Assessment  Vulnerability Scanner SecuriTeam in Your Inbox   E-mail this article to a friend New vulnerability? New tool? Tell us	DSH HOME Environment Buffer Overflow 13 Aug. 2003    Summary The DSH package has been found to contain a buffer overflow in the HOME environment variable. This vulnerability will allow attackers to cause the product crash.   Credit: The information has been provided by jsk.    Details Protect your website! Use an External Vulnerability Scanner! Nothing to install. First report in 1 hour! www.beyondsecurity.com/vulnerability-scanner Vulnerable systems:  * DSH version 0.24.0 Vulnerable code: Inside dsh.c: main(int ac, char ** av) {   char *buf=NULL;      setlocale (LC_ALL, "");   if (!textdomain(PACKAGE_NAME))     {       if (!bindtextdomain(PACKAGE_NAME, LOCALEDIR))  fprintf (stderr, "%s: failed to call bindtextdomain\n", PACKAGE);     }            load_configfile(DSH_CONF);   if (asprintf (&buf, "%s/.dsh/dsh.conf", getenv("HOME")) < 0).............lol     {       fprintf (stderr, _("%s: asprintf failed\n"), PACKAGE);       exit (1);     }   load_configfile(buf);   free (buf); asprintf??????? nt asprintf(char **strp, const char *fmt, ...) {   ssize_t buflen = 50 * strlen(fmt); /* pick a number, any number */.............lol   *strp = malloc(buflen);   if (*strp)   {     va_list ap;     va_start(ap, fmt);     vsnprintf(*strp, buflen, fmt, ap);..................................lol     va_end(ap);     return buflen;   }  Comments:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews  Related Articles Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability Pivot Cross Site Scripting and HTML Injection IBM AIX ToolTalk Database Server Buffer Overflow Vulnerability Webmedia Explorer Cross Site Scripting Vulnerability phpMyAdmin Code Injection Pantha transLucid Cross Site Scripting and HTML Injection Vulnerabilities Clam AntiVIrus Generic Bypass Using RAR CAB or ZIP Files Apache Tomcat RequestDispatcher Directory Traversal Vulnerability HP-UX Running OpenSSL DoS Joomla JA_Purity Multiple Persistent XSS Drupal Flag Module Multiple Vulnerabilities Apple Terminal xterm Resize Escape Sequence Memory Corruption Vulnerability Apple CUPS NULL Pointer Vulnerability OCS Inventory NG Multiple SQL Injections HP-UX Execution of Arbitrary Code and Other Vulnerabilities  Featured Articles Adobe Shockwave Player Director File Parsing Pointer Overwrite Mozilla Firefox Java Applet Loading Vulnerability Microsoft Internet Explorer Security Zone Restrictions Bypass Adobe Acrobat and Reader Heap Overflow Vulnerability Adobe Reader U3D Stack Overflow Vulnerability Apple CUPS NULL Pointer Vulnerability SonicWALL Global Security Client Privilege Escalation Vulnerability
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs

Copyright © 1998-2008 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®