Hi, I'm Kaiwaiata. I have spent more than 2 hours searching and have found
various possible vulnerabilities in the source code of GDB.
I will tell you about one vulnerability now; if they treat me well, I will
tell the other.

Foolish or important things?

Unsafe use of *strcpy()* in *int net_open (.. ..){*:

*gdb-7.8.tar\gdb\ser-tcp.c:*
    line 187: strncpy (hostname, name, tmp);
    line 187: strcpy (hostname, "localhost");

*#* If an attacker manages to take control of *hostname[100];*, it may cause a
buffer overflow.

*NOTE*: it is likely to be directed toward *.bss*; that would also be a vulnerability.

I hope for an answer, thanks a lot!
Kaiwaiata - HádrienR.
_______________________________________________
bug-gdb mailing list
bug-gdb@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-gdb
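
As an added example (not part of the original message and not GDB's code): whether a `strncpy (hostname, name, tmp)` into a 100-byte buffer is safe depends on `tmp` being bounded by the buffer size and on the result being NUL-terminated. The hypothetical `split_host_port` helper below does a bounded `host:port` split with those checks; the function name, return codes and sample inputs are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HOSTNAME_MAX 100 /* buffer size quoted in the report */

/* Hypothetical helper, not GDB's code: split "host:port" into a fixed-size
   buffer. Returns 0 on success, -1 no colon, -2 host too long, -3 bad port. */
static int split_host_port(const char *name, char *hostname, size_t hostsz,
                           int *port)
{
    static const char dflt[] = "localhost";
    const char *colon = strchr(name, ':');
    char *end;
    long value;
    size_t len;

    if (colon == NULL)
        return -1;
    len = (size_t)(colon - name);
    if (len >= hostsz)            /* reject instead of overflowing or truncating */
        return -2;
    memcpy(hostname, name, len);
    hostname[len] = '\0';         /* a length-limited copy does not terminate */

    if (len == 0) {               /* empty host part: fall back to the default */
        if (sizeof dflt > hostsz) /* the literal is checked too, not assumed */
            return -2;
        memcpy(hostname, dflt, sizeof dflt);
    }

    value = strtol(colon + 1, &end, 10);
    if (end == colon + 1 || *end != '\0' || value < 1 || value > 65535)
        return -3;
    *port = (int)value;
    return 0;
}

int main(void)
{
    /* Constructed inputs: normal, empty host, and a 200-byte host part. */
    char hostname[HOSTNAME_MAX], big[256];
    int port = 0;

    memset(big, 'A', 200);
    strcpy(big + 200, ":2345");
    printf("%d\n", split_host_port("example.test:2345", hostname, sizeof hostname, &port));
    printf("%d %s\n", split_host_port(":2345", hostname, sizeof hostname, &port), hostname);
    printf("%d\n", split_host_port(big, hostname, sizeof hostname, &port));
    return 0;
}
```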
