================================================================================
[ Hackerslab bug_paper ] HP-UX bdf -t option buffer overflow vul
================================================================================
File : /usr/bin/bdf
SYSTEM : HP-UX 11.00
Tested by HP-UX B.11.00
INFO :
bdf - report number of free disk blocks (Berkeley version)
-t type Report on the file systems of a given type (for
example, nfs or hfs).
$ ls -la which bdf
-r-sr-xr-x 1 root bin 24576 Apr 7 1998 /usr/bin/bdf
$ bdf -t perl -e 'print "A"x2415'
bdf: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAA…omited…AAAAAAAAAAAAAAAA : No such file or directory
usage: bdf [ -b ] [ -i ] [ -l ] [-t type | file… ]
$ bdf -t perl -e 'print "A"x2416'
Memory fault
$
<bash environment>
bash-2.04$ bdf -b -t perl -e 'print "A"x2416'
Segmentation fault
bash-2.04$
If bigger than 2415 characters, 'bdf' has Segment faulted.
Maybe… 'bdf' has not checked string boundary.
SOLUTION
Don't know :)
==-------------------------------------------------------------------------------==
*********
** ** * [email protected]