comment on

pack() will only read from arbitrary memory. It won't write back. pack( "p", ... ) returns a pointer, unpack( "p", ... ) reads from a pointer.

Anyway, I'm just noticing that this is an unexpected way to write to memory (or more likely just segfault). Prior to coming up with the list of references in the original post, I wasn't sure that some CGI module wasn't going to be using sprintf() or something and maybe then be a commonly accessible remote exploit. It turned out that there weren't all that many places that user data might actually go through a format. If anything, I'd imagine that Sys::Syslog would be biggest problem just because its easy to omit the format from the parameter list.

In reply to Re^3: Searching for sprintf() bug exploit opportunities in core and CPAN modules by diotalevi
in thread Searching for sprintf() bug exploit opportunities in core and CPAN modules by diotalevi

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.