From owner-freebsd-security Wed Apr 23 22:42:21 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id WAA17354 for security-outgoing; Wed, 23 Apr 1997 22:42:21 -0700 (PDT)
Received: from insanity.dorm.umd.edu (insanity.dorm.umd.edu [129.2.154.11]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA17349 for ; Wed, 23 Apr 1997 22:42:17 -0700 (PDT)
Received: from insanity.dorm.umd.edu (LOCALHOST [127.0.0.1]) by insanity.dorm.umd.edu (8.8.5/8.6.12) with ESMTP id BAA20967 for ; Thu, 24 Apr 1997 01:41:59 -0400 (EDT)
Message-Id: <199704240541.BAA20967@insanity.dorm.umd.edu>
X-Mailer: exmh version 2.0gamma 1/27/96
To: freebsd-security@freebsd.org
Subject: sperl buffer overflow
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 24 Apr 1997 01:41:57 -0400
From: Shadow Lord
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I cvsupped the latest 2.2 release, and it doesn't seem to have any changes
for sperl. Is this in the process of being fixed?

Cory.

PS - I didn't include the exploits because I know people on this list are
paranoid about that.

------- Forwarded Message

Date: Mon, 21 Apr 1997 16:34:41 PDT
Reply-To: Deliver
Sender: Bugtraq List
From: Deliver
Subject: Exploits for FreeBSD sperl4.036 & sperl5.00x
To: BUGTRAQ@netspace.org

If somebody wants to test perl5.00X or perl4.036 buffer overflow exploits
there are two for FreeBSD...
First works on perl4.036 and the second on perl5.002 ...
With a little modification of OFFSET value you can overflow all versions
up to perl5.003

< exploit omitted>