Vulnerability information
BCB compiler is a popular compiler. The BCB compiler mishandles the sizeof operator, and a local attacker can exploit the flaw to cause a denial of service or to escalate privileges on the system. Incorrect use of the sizeof operator can lead to an integer overflow, which enables a denial-of-service attack.

Advisory date: 2006-02-06

Cause
Design error

Affected systems
BCB6+ent_upd4

Impact
A local attacker can exploit the flaw to cause a denial of service or to escalate privileges on the system.

Attack prerequisites
The attacker must have access to the system where the BCB compiler is installed.

Test method

/**
 * check_compiler_sizeof_vulnerability.c
 *
 * Check compiler whether correct deal with sizeof operator,
 * which can cause integer overflow if you careless use !!!
 *
 * note: some old compiler have this vulnerability!!!!
 *
 * by [email protected]
 *
 * XFOCUS Security Team
 * http://www.xfocus.org
 *
 * already tested:
 *
 * BCB6+ent_upd4....................................vuln !!!
 * gcc version 4.0.0 20050519 (Red Hat 4.0.0-8).....not vuln
 * gcc version 2.95.3-4(cygwin special).............not vuln
 * gcc version egcs-2.91.66.........................not vuln
 * cc: Sun WorkShop 6 2000/04/07 C 5.1 .............not vuln
 * VC6+sp5..........................................not vuln ,thank eyas
 * lcc version 3.8..................................not vuln ,thank tombkeeper
 * evc4+sp4.........................................not vuln ,thank san
 *
 * REQUEST YOUR COMMENT:
 * VC6 not sp5......................................?
 * VC7..............................................?
 * evc not sp4......................................?
 * freebsd gcc version..............................?
 * openbsd gcc version..............................?
 * ...
 */
#include <stdio.h>

int main(int argc, char *argv[])
{
    int i = -1;

    printf("Check compiler whether correct deal with sizeof operator\n");
    printf(" by [email protected] \n\n");

    /* sizeof yields an unsigned size_t, so i is converted to unsigned for
     * the comparison and -1 becomes a very large value. A compiler that
     * takes the else branch is comparing as signed. */
    if (i > sizeof ( int ) )
    {
        printf("This compiler is not vuln\n");
    }else
        printf("This compiler is vuln!!!\n");

    getchar();
    return 0;
}

Vendor solution
No detailed solution is currently available. Watch the following link:
http://borland.com/

Reported by
XFOCUS Security Team

Advisory link
http://marc.theaimsgroup.com/?l=bugtraq&m=113924964824656&w=2

Advisory title
[xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability
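The following is an added example, not part of the original advisory or of XFOCUS's code. It shows why the comparison in the test program matters for a length check, and a form of the check that gives the same answer whether sizeof is compared as unsigned or as signed. The names buf_t, BUF_SIZE and the three accepts_* functions are hypothetical, and accepts_signed_compare is only an assumed model of the behaviour the test program flags.

```c
#include <stddef.h>
#include <stdio.h>

#define BUF_SIZE 16 /* constructed sample buffer size */
typedef char buf_t[BUF_SIZE];

/* Standard C: sizeof yields unsigned size_t, so the signed operand is
 * converted to size_t before comparing. The cast spells that conversion
 * out. A negative len becomes a huge value and is rejected. */
int accepts_unsigned_compare(int len)
{
    return !((size_t)len > sizeof(buf_t));
}

/* Assumed model of the behaviour the advisory's test flags: the comparison
 * is done as signed, so a negative len passes the upper-bound check. */
int accepts_signed_compare(int len)
{
    return !(len > (int)sizeof(buf_t));
}

/* Hardened check: reject negative lengths explicitly, then compare as
 * size_t. The result does not depend on how sizeof is treated. */
int accepts_hardened(int len)
{
    return len >= 0 && (size_t)len <= sizeof(buf_t);
}

int main(void)
{
    int samples[] = { -1, 0, 8, 16, 17 }; /* constructed test lengths */
    size_t i;

    printf("%6s %9s %7s %9s\n", "len", "unsigned", "signed", "hardened");
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int len = samples[i];
        printf("%6d %9d %7d %9d\n", len, accepts_unsigned_compare(len),
               accepts_signed_compare(len), accepts_hardened(len));
    }
    return 0;
}
```

Only the row for -1 differs between the columns: the signed comparison accepts it, while the unsigned and hardened checks reject it.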
(Source: http://www.sheup.com)