首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
[xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability
来源:http://www.xfocus.org 作者:alert7 发布时间:2006-02-07  

Title:[xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability

Affected version : <= BCB6+ent_upd4
Vendor: http://borland.com/
Url:


XFOCUS (http://www.xfocus.org) had already discovered
a vulnerability in BCB6(ent_upd4) compiler.
It maybe cause integer overflow if you misuse use sizeof operator.


/**
* check_compiler_sizeof_vulnerability.c
*
* Check compiler whether correct deal with sizeof operator,
* which can cause integer overflow if you careless use !!!
*
* note: some old compiler have this vulnerability!!!!
*
* by alert7@xfocus.org
*
* XFOCUS Security Team
* http://www.xfocus.org
*
* already tested:
*
* BCB6+ent_upd4....................................vuln !!!
* gcc version 4.0.0 20050519 (Red Hat 4.0.0-8).....not vuln
* gcc version 2.95.3-4(cygwin special).............not vuln
* gcc version egcs-2.91.66.........................not vuln
* cc: Sun WorkShop 6 2000/04/07 C 5.1 .............not vuln
* VC6+sp5..........................................not vuln ,thank eyas
* lcc version 3.8..................................not vuln ,thank tombkeeper
* evc4+sp4.........................................not vuln ,thank san
*
* REQUEST YOUR COMMENT:
* VC6 not sp5......................................?
* VC7..............................................?
* evc not sp4......................................?
* freebsd gcc version..............................?
* openbsd gcc version..............................?
* ...
*/
#include <stdio.h>

int main(int argc, char *argv[])
{
int i =-1;

printf("Check compiler whether correct deal with sizeof operator\n");
printf(" by alert7@xfocus.org \n\n");

if (i > sizeof ( int ) )
{
printf("This compiler is not vuln\n");
}else
printf("This compiler is vuln!!!\n");

getchar();

return 0;
}


--EOF



 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Microsoft HTML Help Workshop .
·Mozilla Firefox location.Query
·eXchange POP3 RCPT TO Command
·SamiFTPd USER buffer overflow
·Microsoft Windows SSDP and UPn
·Arescom NetDSL-1000 TelnetD Do
·BlueCoat WinProxy Host: Header
·Qualcomm WorldMail IMAP Server
·wzdftpd <= 0.5.4 SITE Comma
·SQL Injection Exploit for ASPT
·Nullsoft Winamp Player PLS Fil
·Proof of concept exploit that
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved