Thread: IDA Buffer Overflow Vulnerability

  1. #1
    ZaiRoN (Red wine, not vodka!)

    IDA Buffer Overflow Vulnerability

    The title says all. All the details are here:
    http://www.idefense.com/application/poi/display?id=189&type=vulnerabilities&flashstatus=true
    Reading the page you will find a link for a temp patch.

    Thanks to Zero for the news.

    Regards,
    ZaiRoN

  2. #2
    dELTA (Administrator)
    Apparently W32Dasm has the same vulnerability too:

    http://www.securityfocus.com/archive/1/388251

  3. #3
    Bengaly (Programmer Run Amock...)
    Ouch, I don't want that too..
    So I added a check in PVDasm on the import's length to avoid the buffer overflow vulnerability.

    About W32Dasm.. a dead tool since ages.
    IDA will have it fixed in the next release.
    PEiD as well.
    And of course PVDasm.

    good day.
    "knowledge is now free at last, everything should be free from now on, enjoy knowledge and life and never work for everybody else"

  4. #4
    ZaiRoN (Red wine, not vodka!)
    IDA has the bug, W32Dasm has the bug, PEiD has the bug, PVDasm has the bug... who copies whom?

  5. #5
    Super Moderator
    So doesn't Olly have it, or does it only affect disassemblers and not debuggers, or is Oleh l33t?

  6. #6
    Bengaly (Programmer Run Amock...)
    ZaiRoN,
    PVDasm HAD the bug!
    Seems I am the only one who really cares about his code.

    "who copies whom"
    e.g.:
    Well, I guess wsprintf(buffer, "%s", import->api_name);
    is pretty obvious for anyone who wants to retrieve the API name.

    About OllyDbg,
    if Oleh used any string copy function to retrieve the API name without checking the length of the API name against the buffer, then yes, OllyDbg has the same exploit just as any disasm around... also WinDbg, IDA, Win32Dasm (not PVDasm.. it's bug free :P)
    Last edited by Bengaly; January 26th, 2005 at 12:58.
    "knowledge is now free at last, everything should be free from now on, enjoy knowledge and life and never work for everybody else"
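The unbounded copy Bengaly describes, next to a bounded way of reading the same import name, as an added C example that is not code from this thread or from IDA, PVDasm or any other tool named here; the destination size, the section layout and the sample names are assumptions:

```c
#include <stdio.h>
#include <string.h>

#define MAX_API_NAME 64  /* destination size; an assumed value, not one from any tool */

/* The unsafe pattern the thread describes (a comment here, not compiled):
 *   wsprintf(buffer, "%s", import->api_name);  // copies until a NUL, unbounded
 * so a name longer than `buffer` writes past its end. */

/* Bounded read of an import-by-name string at `offset` in the raw bytes of the
 * section the import thunk points into. Returns the name length, or -1 if the
 * offset is out of range, the name does not fit `out`, or no NUL ends it. */
int read_import_name(const unsigned char *section, size_t section_len,
                     size_t offset, char *out, size_t out_len)
{
    if (out_len == 0 || offset >= section_len) return -1;
    size_t remain = section_len - offset;
    size_t limit = remain < out_len ? remain : out_len;
    /* Look for the terminator only within bytes that both exist in the section
     * and fit in `out`; memchr never reads past `limit`. */
    const unsigned char *nul = memchr(section + offset, '\0', limit);
    if (nul == NULL) return -1;
    size_t len = (size_t)(nul - (section + offset));
    memcpy(out, section + offset, len + 1);  /* len + 1 <= out_len holds here */
    return (int)len;
}

/* Constructed test section, not bytes from a real file: 'A' filler with no
 * NULs, a name placed at offset 8, optionally terminated. */
static int run_case(const char *name, size_t name_len, int terminate)
{
    unsigned char section[128];
    char out[MAX_API_NAME];
    memset(section, 'A', sizeof section);
    if (name) memcpy(section + 8, name, name_len);
    if (terminate) section[8 + name_len] = '\0';
    return read_import_name(section, sizeof section, 8, out, sizeof out);
}

int demo_normal_name(void)   { return run_case("GetProcAddress", 14, 1); } /* 14 */
int demo_exact_fit(void)     { return run_case(NULL, 63, 1); }             /* 63: last size that fits */
int demo_overlong_name(void) { return run_case(NULL, 100, 1); }            /* -1: 100 bytes > 63 */
int demo_unterminated(void)  { return run_case(NULL, 0, 0); }              /* -1: no NUL at all */
int demo_bad_offset(void)    { char o[8]; return read_import_name((const unsigned char *)"abc", 3, 3, o, sizeof o); } /* -1 */

int main(void)
{
    printf("normal=%d exact=%d overlong=%d unterminated=%d bad_offset=%d\n", demo_normal_name(),
           demo_exact_fit(), demo_overlong_name(), demo_unterminated(), demo_bad_offset());
    return 0;
}
```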
