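BCB compiler is a popular compiler.
BCB compiler mishandles the sizeof operator; a local attacker can exploit this vulnerability to carry out denial-of-service or privilege-escalation attacks against the system.
Incorrect use of the sizeof operator can lead to an integer overflow, enabling a denial-of-service attack.
Vulnerability report date: 2006-02-06
Cause
Design error
Affected systems
BCB6+ent_upd4
Impact
A local attacker can exploit this vulnerability to carry out denial-of-service or privilege-escalation attacks against the system.
Requirements for attack
The attacker must have access to the system on which BCB compiler is installed.
Test method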
/**
* check_compiler_sizeof_vulnerability.c
*
* Check whether the compiler deals correctly with the sizeof operator,
* which can cause an integer overflow if you use it carelessly !!!
*
* note: some old compilers have this vulnerability!!!!
*
* by alert7@xfocus.org
*
* XFOCUS Security Team
* http://www.xfocus.org
*
* already tested:
*
* BCB6+ent_upd4....................................vuln !!!
* gcc version 4.0.0 20050519 (Red Hat 4.0.0-8).....not vuln
* gcc version 2.95.3-4(cygwin special).............not vuln
* gcc version egcs-2.91.66.........................not vuln
* cc: Sun WorkShop 6 2000/04/07 C 5.1 .............not vuln
* VC6+sp5..........................................not vuln ,thank eyas
* lcc version 3.8..................................not vuln ,thank tombkeeper
* evc4+sp4.........................................not vuln ,thank san
*
* REQUEST YOUR COMMENT:
* VC6 not sp5......................................?
* VC7..............................................?
* evc not sp4......................................?
* freebsd gcc version..............................?
* openbsd gcc version..............................?
* ...
*/
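#include <stdio.h>

int main(int argc, char *argv[])
{
    int i = -1;

    printf("Check compiler whether correct deal with sizeof operator\n");
    printf(" by alert7@xfocus.org \n\n");

    /* sizeof yields an unsigned type (size_t), so i is converted to
     * unsigned before the comparison and -1 becomes a very large value.
     * A compiler that compares as signed takes the else branch. */
    if (i > sizeof ( int ) )
    {
        printf("This compiler is not vuln\n");
    }else
        printf("This compiler is vuln!!!\n");

    getchar();  /* wait for a key press before exiting */
    return 0;
}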
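Added example (not part of the original advisory or of the XFOCUS test program): a length check of the kind the test program probes, written so that its result does not depend on the type the compiler gives sizeof, plus a build-time guard. All function names and the 16-byte buffer are assumptions made for illustration; rejected_signed_compare only models the signed comparison that the test program detects.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Build-time guard (C89-compatible): the array size becomes -1 and the build
 * fails if sizeof yields a signed type. Unsigned: 1 - 2 wraps to a huge
 * value; signed: 1 - 2 is -1. */
typedef char sizeof_must_be_unsigned[((sizeof(char) - 2) > 0) ? 1 : -1];

/* Run-time form of the same probe: 1 = unsigned (ISO C), 0 = signed. */
int sizeof_is_unsigned(void)
{
    return (sizeof(char) - 2) > 0;
}

/* How `len > sizeof buf` evaluates on a conforming compiler: len is
 * converted to size_t, so -1 becomes SIZE_MAX and is rejected. */
int rejected_unsigned_compare(int len, size_t cap)
{
    return (size_t)len > cap;
}

/* Model of the signed comparison the test program detects: a negative
 * len is NOT rejected, so the bounds check silently passes. */
int rejected_signed_compare(int len, size_t cap)
{
    return len > (int)cap;
}

/* Hardened copy: the sign is checked explicitly before any conversion,
 * so the outcome is the same whatever type sizeof has. Returns len or -1. */
int safe_copy(char *dst, size_t cap, const char *src, int len)
{
    if (dst == NULL || src == NULL || len < 0 || (size_t)len > cap)
        return -1;
    memcpy(dst, src, (size_t)len);
    return len;
}

int main(void)
{
    char dst[16]; /* constructed sample buffer */
    printf("sizeof is unsigned: %d\n", sizeof_is_unsigned());
    printf("len=-1 rejected, signed compare: %d\n", rejected_signed_compare(-1, sizeof dst));
    printf("safe_copy with len=-1: %d\n", safe_copy(dst, sizeof dst, "abcd", -1));
    return 0;
}
```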
Vendor solution
No detailed solution is currently available; please watch the following link:
http://borland.com/
Reported by
XFOCUS Security Team
Advisory link
http://marc.theaimsgroup.com/?l=bugtraq&m=113924964824656&w=2
Advisory title
[xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability