Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Re: [xfocus-SD-060206]BCB compiler incorrect deal size

from [XFOCUS Security Team] Network Security [Permanent Link]
Subject: [Full-disclosure] Re: [xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability
Date: Tue, 07 Feb 2006 12:39:28 +0800 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

thank Ilja van Sprundel <ilja@suresec.org> testing.
he find that newest tiny c compiler (tcc-0.9.23) also have this
vulnerability .

also thank kokanin@gmail.com and alekc@avet.com.pl :)

 /**
  * check_compiler_sizeof_vulnerability.c
  *
  * Check compiler whether correct deal with sizeof operator,
  * which can cause integer overflow if you careless use !!!
  *
  * note: some old compiler maybe have this vulnerability!!!!
  *
  * by alert7@xfocus.org
  *
  * XFOCUS Security Team
  * http://www.xfocus.org
  *
  * already tested:
  *
  * BCB6+ent_upd4....................................vuln !!!
  * tcc-0.9.23 ......................................vuln !!!
  * ........thank Ilja van Sprundel <ilja@suresec.org>
  * gcc version 4.0.0 20050519 (Red Hat 4.0.0-8).....not vuln
  * gcc version 2.95.3-4(cygwin special).............not vuln
  * gcc version egcs-2.91.66.........................not vuln
  * cc: Sun WorkShop 6 2000/04/07 C 5.1 .............not vuln
  * VC6+sp5..........................................not vuln
  * .......................................thank eyas
  * lcc version 3.8..................................not vuln
  *..................................thank tombkeeper
  * evc4+sp4.........................................not vuln
  * ........................................thank san
  * gcc version 3.4.2 [FreeBSD] 20040728.............not vuln
  * ........................thank <kokanin@gmail.com>
  * GCC OpenBSD 3.1 (2.95.3 20010125 (prerelease))...not vuln
  * MS VS.NET 2003 ..................................not vuln
  * ..............above two thank <alekc@avet.com.pl>
  *
  * REQUEST YOUR COMMENT:
  * VC6 not sp5......................................?
  * VC7..............................................?
  * evc not sp4......................................?
  * ...
  */
 #include <stdio.h>

 int main(int argc, char *argv[])
 {
  int i =-1;

  printf("Check compiler whether correct deal with sizeof operator\n");
  printf("  by alert7@xfocus.org \n\n");

  if (i > sizeof ( int ) )
  {
    printf("This compiler is not vuln\n");
  }else
    printf("This compiler is vuln!!!\n");

  getchar();

  return 0;
 }

- --EOF



- --

Kind Regards,

- ---
XFOCUS Security Team
http://www.xfocus.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFD6CR/whDwaF6cSWIRArcqAKCmTor93qg3JlmPEL6VjMHzgGl7hgCgxwtM
r71nRPE+00IBZW0hSqjEnU4=
=Bl/T
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] [xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability, XFOCUS Security Team
Next by Date:  High Risk Vulnerability in Lexmark Printer Sharing Service, NGSSoftware Insight Security Research
Previous by Thread:  [Full-disclosure] [xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability, XFOCUS Security Team
Next by Thread:  High Risk Vulnerability in Lexmark Printer Sharing Service, NGSSoftware Insight Security Research
Indexes:  [Date] [Thread] [Top] [All Lists]