I don't want to sound like a retard but I probably will anyway. But in this example isn't it syslog that has the vulnerability to the buffer overflow? And if so wouldn't they have probably fixed that code since '95? Could explain why it won't segfault on the newer distros.
-----Original Message-----
From: Ted Kat. [mailto:[EMAIL PROTECTED]
Sent: Friday, February 20, 2004 1:52 PM
To: [EMAIL PROTECTED]
Subject: [sclug-generallist] buffer overflows

Hi list,

Now I'm doing some research on "smashing the stack" buffer overflows.

http://www.insecure.org/stf/mudge_buffer_overflow_tutorial.html

is an old example of this. But the example given does not segfault on my system when I compile it. I guess it's reading past the char array into null-terminated padded memory or something, which is legal. Can anyone get this thing to segfault "as is" with their system?

just,
gcc -o test test.c
./test

Attached is the test.

Thanks,

=====
Ted Katseres
