xfocus-SD-060206.txt

2006-02-08T00:00:00
ID PACKETSTORM:43639
Type packetstorm
Reporter xfocus.org
Modified 2006-02-08T00:00:00

Description

                                        
                                            `-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
Title:[xfocus-SD-060206]BCB compiler incorrect deal sizeof operator  
vulnerability  
  
Affected version : <= BCB6+ent_upd4  
Vendor: http://borland.com/  
Url: http://www.xfocus.net/releases/200602/a849.html  
  
  
XFOCUS (http://www.xfocus.org) had already discovered  
a vulnerability in BCB6(ent_upd4) compiler.  
It maybe cause integer overflow if you misuse use sizeof operator.  
  
  
/**  
* check_compiler_sizeof_vulnerability.c  
*  
* Check compiler whether correct deal with sizeof operator,  
* which can cause integer overflow if you careless use !!!  
*  
* note: some old compiler have this vulnerability!!!!  
*  
* by alert7@xfocus.org  
*  
* XFOCUS Security Team  
* http://www.xfocus.org  
*  
* already tested:  
*  
* BCB6+ent_upd4....................................vuln !!!  
* gcc version 4.0.0 20050519 (Red Hat 4.0.0-8).....not vuln  
* gcc version 2.95.3-4(cygwin special).............not vuln  
* gcc version egcs-2.91.66.........................not vuln  
* cc: Sun WorkShop 6 2000/04/07 C 5.1 .............not vuln  
* VC6+sp5..........................................not vuln ,thank eyas  
* lcc version 3.8..................................not vuln ,thank  
tombkeeper  
* evc4+sp4.........................................not vuln ,thank san  
*  
* REQUEST YOUR COMMENT:  
* VC6 not sp5......................................?  
* VC7..............................................?  
* evc not sp4......................................?  
* freebsd gcc version..............................?  
* openbsd gcc version..............................?  
* ...  
*/  
#include <stdio.h>  
  
int main(int argc, char *argv[])  
{  
int i =-1;  
  
printf("Check compiler whether correct deal with sizeof  
operator\n");  
printf(" by alert7@xfocus.org \n\n");  
  
if (i > sizeof ( int ) )  
{  
printf("This compiler is not vuln\n");  
}else  
printf("This compiler is vuln!!!\n");  
  
getchar();  
  
return 0;  
}  
  
  
- --EOF  
  
- --  
  
Kind Regards,  
  
- ---  
XFOCUS Security Team  
http://www.xfocus.org  
  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1.4.1 (GNU/Linux)  
  
iD8DBQFD51e5whDwaF6cSWIRAmbkAJ4sN66WOJMKPY4RjSq5p7TvdSGGigCfe5SU  
wolEFAITtYi8fWNND0uyO5c=  
=ibnF  
-----END PGP SIGNATURE-----  
`