From owner-freebsd-audit  Mon Feb 21 22:46:57 2000
Delivered-To: freebsd-audit@freebsd.org
Received: from MailAndNews.com (MailAndNews.com [199.29.68.160])
	by hub.freebsd.org (Postfix) with ESMTP id 0483C37B607
	for <FreeBSD-audit@freebsd.org>; Mon, 21 Feb 2000 22:46:52 -0800 (PST)
	(envelope-from mheffner@mailandnews.com)
Received: from muriel.penguinpowered.com [208.138.199.76] (mheffner@mailandnews.com); Tue, 22 Feb 2000 01:46:48 -0500
X-WM-Posted-At: MailAndNews.com; Tue, 22 Feb 00 01:46:48 -0500
Content-Length: 2013
Message-ID: <XFMail.20000222014747.mheffner@mailandnews.com>
X-Mailer: XFMail 1.4.4 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
Date: Tue, 22 Feb 2000 01:47:47 -0500 (EST)
Reply-To: Mike Heffner <spock@techfour.net>
From: Mike Heffner <mheffner@mailandnews.com>
To: FreeBSD-audit <FreeBSD-audit@freebsd.org>
Subject: Binary tester - and some oflows
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


Well, for some kicks I've put together a simple binary testing program. It can
test argument overflows and environment variable overflows. Also, if run
together with l0pht-watch it can give you a good idea of programs that use
inseucre tempfile handling.

If anyone wants to check it out:
http://my.ispchannel.com/~mheffner/bfbtester-1.0.tar.gz
or view the README at:
http://my.ispchannel.com/~mheffner/README.bfbtester

Currently I've run it through /usr/bin (took about 20 hours) and found the
following, (these are in addition to the ones Thomas Stromberg found):

 usr.bin/kzip
                 Arg overflow 
                 Ex: kzip [5120]
 usr.bin/lam
                 Arg overflow 
                 Ex: lam -[PFfp] [51200]
 usr.bin/ld
                 Arg overflow 
                 Ex: ld -L [10240] -T blah
 usr.bin/minigzip
                 Arg overflow 
                 Ex: minigzip -d [5120]
 contrib/ntp/ntpq
                 Arg overflow 
                 Ex: ntpq -c [51200]
 usr/bin/openssl
                 Arg overflow 
                 Ex: openssl [51200]
 gnu/usr.bin/ptx
                 Lots of arg overflows 
                 Ex: ptx -[FMSWgw] [5120]
 usr.bin/telnet
                 Arg overflow 
                 Ex: telnet -X [5120]
 usr.bin/ftp, gate-ftp, 
 pftp
                 Arg overflow 
                 Ex: ftp [10240]
 usr.bin/global
                 Env. overflow in MAKEOBJDIR and MAKEOBJDIRPREFIX 
                 Ex: MAKEOBJDIR=[10240] global blah
 gnu/usr.bin/binutils/addr2line
                 Arg overflow 
                 Ex: addr2line -s [5120] 
                 Note: A valid 'a.out' file must exist in current dir.
 usr.bin/units
                 Args overflow 
                 Ex: units [10240] [10240]


/****************************************
 * Mike Heffner <spock@techfour.net>    *
 * Fredericksburg, VA                   *
 * ICQ# 882073                          *
 * Sent at: 22-Feb-2000 -- 01:37:21 EST *
 ****************************************/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message