NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Full-Disclosure> 2002-q3

silvio_at_big.net.au
Date: Mon Sep 30 2002 - 00:28:04 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

A quick note to say that THREATCON will be inactive until we fix some scripts.

It appears that due to a buffer on the stack (env_argv) not having bounds
checking, our threatcon evaluation software segv'd -->

cat /dev/urandom | bc script
echo THREATCON: CAUTIOUSLY MOVING WITH EARS TO THE GROUND

foo="";i=0;while [ $i -lt 100 ]; do foo="a $foo"; ((i=$i+1)); done; export BC_ENV_ARGS=$foo; bc

apologies for bash specific features above

--
Silvio
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]