oss-sec mailing list archives
CVE request: netcat-traditional nc buffer overflow
From: Paul Tagliamonte <paultag () gmail com>
Date: Tue, 8 Nov 2016 08:12:40 -0500
The following invocation of nc:

    $ nc pault.ag 2124124124

Results in a buffer overflow:

    *** buffer overflow detected ***: nc terminated
    ======= Backtrace: =========
    /lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7fc8eecaebcb]
    /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7fc8eed370e7]
    /lib/x86_64-linux-gnu/libc.so.6(+0xf7220)[0x7fc8eed35220]
    /lib/x86_64-linux-gnu/libc.so.6(+0xf67d9)[0x7fc8eed347d9]
    /lib/x86_64-linux-gnu/libc.so.6(_IO_default_xsputn+0xac)[0x7fc8eecb2bec]
    /lib/x86_64-linux-gnu/libc.so.6(_IO_vfprintf+0xcd3)[0x7fc8eec859f3]
    /lib/x86_64-linux-gnu/libc.so.6(__vsprintf_chk+0x8c)[0x7fc8eed3486c]
    /lib/x86_64-linux-gnu/libc.so.6(__sprintf_chk+0x7d)[0x7fc8eed347bd]
    nc[0x402b20]
    nc[0x402112]
    /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7fc8eec5e2b1]
    nc[0x402341]

This appears to not happen with other versions of netcat, such as the one on OSX.

I'm unsure of the security implications of this, but it's not out of the question to use this as a DOS, at least.

Cheers,
  Paul
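Added illustration, not part of the report above and not netcat-traditional's own code (its source is not on this page): a hypothetical reconstruction of the bug class the backtrace points to, an attacker-controlled port string printed with sprintf() into a fixed-size buffer (which is what the fortified __sprintf_chk aborts on), placed next to a hardened form that validates the port range before formatting and uses snprintf() with the real buffer size. The buffer size PORT_BUF_LEN, the function names and the sample inputs are all assumptions constructed for the example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed buffer size for the example.  "2124124124" is 10 digits plus a
 * terminating NUL (11 bytes), so an unchecked
 *     sprintf(buf, "%s", port_arg);
 * into this buffer writes past its end.  Built with _FORTIFY_SOURCE the
 * call becomes __sprintf_chk(), which detects the overrun and aborts with
 * "*** buffer overflow detected ***", the message seen in the report. */
#define PORT_BUF_LEN 8

/* Hardened step 1: parse and range-check the port before it is used.
 * Returns the port (1..65535) or -1 if the string is not a valid port.
 * Rejects leading whitespace, signs and trailing garbage explicitly,
 * because strtoul() would otherwise accept them. */
int parse_port(const char *s)
{
    char *end;
    unsigned long v;

    if (s == NULL || !isdigit((unsigned char)s[0]))
        return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0')
        return -1;
    if (v < 1 || v > 65535)
        return -1;
    return (int)v;
}

/* Hardened step 2: format only a validated value, with snprintf() bounded
 * by the real buffer length, and treat truncation as an error rather than
 * silently using a mangled string.  Returns 0 on success, -1 otherwise;
 * never writes past len bytes. */
int format_port_safe(const char *s, char *buf, size_t len)
{
    int port = parse_port(s);
    int n;

    if (port < 0)
        return -1;
    n = snprintf(buf, len, "%d", port);
    if (n < 0 || (size_t)n >= len)
        return -1;
    return 0;
}

/* Compile-time sized buffer check: the largest valid port "65535" needs
 * 5 characters plus NUL, so 6 bytes is the minimum safe size. */
int port_buf_is_sufficient(void)
{
    return PORT_BUF_LEN >= 6;
}

int main(void)
{
    char buf[PORT_BUF_LEN];
    /* Constructed sample inputs: the value from the report, the edge of the
     * valid range, and a few malformed strings. */
    const char *inputs[] = { "2124124124", "65535", "0", "80abc", "-1", " 443", "443" };
    size_t i;

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        if (format_port_safe(inputs[i], buf, sizeof buf) == 0)
            printf("%-12s -> accepted, formatted as \"%s\"\n", inputs[i], buf);
        else
            printf("%-12s -> rejected\n", inputs[i]);
    }
    return 0;
}
```

The point of the two-step shape is that the range check makes the buffer size provable (any accepted value fits in 6 bytes), while the bounded snprintf() with a truncation check means that even if the buffer were later shrunk, the failure is a rejected argument rather than memory corruption or a fortify abort.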