
Potential vulnerabilities in GDB 7.8


Hádrian R

Aug 20, 2014, 7:17:11 PM
to bug...@gnu.org
Hi, I'm Kaiwaiata. I have spent more than 2 hours searching and have found various possible vulnerabilities in the source code of GDB.
I will tell you one vulnerability now; if they treat me well I will tell the others.

foolish or important things?

unsafe use of strcpy() in int net_open (.. ..){:

gdb-7.8.tar\gdb\ser-tcp.c:
    line 187: strncpy (hostname, name, tmp);
    line 187: strcpy (hostname, "localhost");

# If an attacker manages to take control of hostname[100], it may cause a buffer overflow.

NOTE: is likely to be directed toward .bss, also be a vulnerability

I hope for an answer, thanks a lot!
Kaiwaiata - HádrienR.
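An added example, not part of the original post and not GDB's code: whether the two quoted calls can overflow `hostname[100]` depends on how `tmp` is bounded and on whether the buffer is terminated after `strncpy`. The sketch below assumes `tmp` is the length of the host part of a `host:port` string and that an empty host falls back to "localhost"; `copy_hostname` and `HOSTNAME_SIZE` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HOSTNAME_SIZE 100 /* same size as the hostname[100] quoted in the post */

/* The fixed literal must fit, terminator included, or the strcpy below is unsafe. */
_Static_assert(sizeof "localhost" <= HOSTNAME_SIZE, "literal must fit in hostname");

/* Hypothetical helper: copy the host part of "host:port" into hostname.
   Returns 0 on success, -1 if there is no ':', -2 if the host part would
   not fit together with its terminating NUL. */
int copy_hostname(char hostname[HOSTNAME_SIZE], const char *name)
{
    const char *port_str = strchr(name, ':');
    if (port_str == NULL)
        return -1;

    size_t tmp = (size_t)(port_str - name); /* attacker-influenced length */
    if (tmp >= HOSTNAME_SIZE)               /* reject instead of overflowing */
        return -2;

    if (tmp == 0) {
        /* Constant source of known size: safe because of the static assert. */
        strcpy(hostname, "localhost");
        return 0;
    }

    /* strncpy writes exactly tmp bytes here and no NUL, because the source
       has no NUL within its first tmp bytes; terminate explicitly. */
    strncpy(hostname, name, tmp);
    hostname[tmp] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "example.test:1234", ":1234", "noport" };
    char hostname[HOSTNAME_SIZE];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = copy_hostname(hostname, samples[i]);
        printf("%-20s rc=%d host=%s\n", samples[i], rc, rc == 0 ? hostname : "-");
    }
    return 0;
}
```

When auditing a call like `strncpy (hostname, name, tmp)`, the two things to check in the surrounding lines are the upper bound applied to `tmp` and the explicit terminator written afterwards.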

Sergio Durigan Junior

Aug 21, 2014, 11:05:55 AM
to Hádrian R, bug...@gnu.org
On Wednesday, August 20 2014, Hádrian R wrote:

> Hi, I'm Kaiwaiata, since more than 2h searching and finding various
> possible vulnerabilities in source code of GDB..
> I will tell you one vulnerability now, if they treat me well I will tell
> the other..

Hello Kaiwaiata,

Thanks for the message. However, this list is not used by GDB folks
anymore. I recommend that you post your message on <g...@sourceware.org>.

> unsafe use of strcpy() in int net_open (.. ..){:
>
> gdb-7.8.tar\gdb\ser-tcp.c:
>     line 187: strncpy (hostname, name, tmp);
>     line 187: strcpy (hostname, "localhost");

You could even post a patch fixing this, if you want. To do that, send
the patch to <gdb-p...@sourceware.org>.

Thanks,

--
Sergio
GPG key ID: 0x65FC5E36
Please send encrypted e-mail if possible
http://sergiodj.net/
