This is the mail archive of the cygwin-developers mailing list for the Cygwin project.



RE: cygwin1.dll up to 1.5.22 overflow


On 20 November 2007 10:11, Jesus wrote:

> Hello developers,

  Hola Jesus.
 
> cygwin1.dll is vulnerable to a dangerous buffer overflow that can be exploited
> remotely.

> Exception: STATUS_ACCESS_VIOLATION at eip=6109008D
> eax=6167343A ebx=5959595A ecx=6167343C edx=04A96F89 esi=6E6C0055
> edi=59595957 ebp=6E6C006C esp=0022E51B program=C:\sshd\bin\scp.exe
> cs=001B ds=0023 es=0023 fs=0038 gs=0000 ss=0023

> I think the version is 1.5.7-1 and prior:
> 
> sha0:~# strings /root/backup2/cygwin/bin/cygwin1.dll | grep -i cygwin\-
> /netrel/src/cygwin-1.5.7-1/winsup/cygwin/cygheap.cc
> /netrel/src/cygwin-1.5.7-1/winsup/cygwin/dir.cc
> ...
> 
> It seems that the problem is at getppid(), but this debugger is inside
> cygwin, maybe debugging from outside will see different things.

  Thanks, this would explain why I could not reproduce with 1.5.21.  I'll have
a go at 1.5.7 later this evening and make sure I can fully diagnose what's
going on.


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....
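Two triage steps come up in the exchange above: reading the register dump from the STATUS_ACCESS_VIOLATION report, and identifying which cygwin1.dll build a host carries by the source paths embedded in the DLL. The script below is an added example, not code from this thread or from the Cygwin project. It assumes the `name=HEX` register-line format shown in the report and the `/netrel/src/cygwin-<version>/` path format shown in the `strings` output; the crash dump is copied from the quoted report, and the DLL bytes are a constructed stand-in. It flags registers whose four bytes are all printable ASCII, a common sign in crash triage that the register was loaded from input data rather than from a valid pointer.

```python
"""Crash-dump and DLL-version triage helpers for Cygwin incident reports.

Added example, not code from the original thread or from the Cygwin project.
Assumptions: register dumps use the `name=XXXXXXXX` format quoted in the report,
and cygwin1.dll embeds `/netrel/src/cygwin-<ver>/...` source paths.
"""
import re
from typing import Dict, Optional, Tuple

# Constructed sample input: the exception dump quoted in the report above.
CRASH_DUMP = """\
Exception: STATUS_ACCESS_VIOLATION at eip=6109008D
eax=6167343A ebx=5959595A ecx=6167343C edx=04A96F89 esi=6E6C0055
edi=59595957 ebp=6E6C006C esp=0022E51B program=C:\\sshd\\bin\\scp.exe
cs=001B ds=0023 es=0023 fs=0038 gs=0000 ss=0023
"""

# 32-bit general-purpose registers as printed by Cygwin's exception handler.
REG_RE = re.compile(r"\b(eip|eax|ebx|ecx|edx|esi|edi|ebp|esp)=([0-9A-Fa-f]{8})\b")

# Source path that Cygwin builds leave in the DLL; the version sits in the path.
VERSION_RE = re.compile(rb"/netrel/src/cygwin-(\d+)\.(\d+)\.(\d+)-(\d+)/")


def parse_registers(dump: str) -> Dict[str, int]:
    """Return {register: value} for the 32-bit registers found in the dump."""
    return {name.lower(): int(val, 16) for name, val in REG_RE.findall(dump)}


def printable_bytes(value: int) -> Optional[str]:
    """Return the 4 bytes of a 32-bit value as text (little-endian order)
    if every byte is printable ASCII, else None."""
    raw = value.to_bytes(4, "little")
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def suspicious_registers(dump: str) -> Dict[str, str]:
    """Registers whose whole value is printable ASCII.

    Valid code and stack pointers on Win32 rarely decode to four printable
    characters, so such values usually mean the register was overwritten
    with bytes from an input buffer; they are the first thing to check when
    deciding whether a crash is memory-safety related."""
    flagged = {}
    for name, val in parse_registers(dump).items():
        text = printable_bytes(val)
        if text is not None:
            flagged[name] = text
    return flagged


def cygwin_version_from_bytes(data: bytes) -> Optional[Tuple[int, int, int, int]]:
    """Scan raw DLL bytes for the embedded build path and return
    (major, minor, patch, release), or None if no path is present.
    This is the `strings cygwin1.dll | grep -i cygwin-` step done in code."""
    m = VERSION_RE.search(data)
    if not m:
        return None
    return tuple(int(g) for g in m.groups())  # type: ignore[return-value]


def version_at_most(version: Tuple[int, int, int, int], ceiling: Tuple[int, int, int]) -> bool:
    """True if major.minor.patch is at or below the given ceiling; the
    packaging release number is ignored for this comparison."""
    return version[:3] <= ceiling


# Constructed stand-in for a slice of cygwin1.dll; a real check would use
# open(path, "rb").read() on the host's copy of the DLL.
SAMPLE_DLL_BYTES = (
    b"MZ\x90\x00junk\x00/netrel/src/cygwin-1.5.7-1/winsup/cygwin/cygheap.cc\x00more\x00"
)

if __name__ == "__main__":
    print("eip:", hex(parse_registers(CRASH_DUMP)["eip"]))
    print("registers holding printable data:", suspicious_registers(CRASH_DUMP))
    ver = cygwin_version_from_bytes(SAMPLE_DLL_BYTES)
    print("embedded cygwin version:", ver)
    # The subject line of the thread names 1.5.22 as the upper bound reported.
    print("at or below 1.5.22:", ver is not None and version_at_most(ver, (1, 5, 22)))
```

Running it on the quoted dump flags eax, ebx, ecx and edi as holding printable data (ebx and edi decode to runs of `Y`), while eip, esp and ebp do not, which is the kind of detail worth recording when confirming a report like this one.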

