Testing Exploitable Buffer Overflows From Open Source Code Test suite #88

Author: Eric Rosenberg
Language: C
Size: 349 KB
Sha256sum: e1e5d0c7f2537c850db869520877a2c1ebec14760468916703db43160599c05f
Number Of Test Cases: 28
Submission Date: 08 Jun 2014

Description

Zitser, Lippmann, and Leek extracted 14 model programs from internet applications (BIND, Sendmail, WU-FTP) with known buffer overflows. These models have the portion of code with the overflows. Patched versions are also included. Examples of using these are in "Using Exploitable Buffer Overflows From Open Source Code" 2004.

Displaying test cases 26 - 28 of 28 in total

CWE-124

1308-v1.0.0

Added 19 years ago

candidate

good

tTflag Buffer Underrun: CVE-2001-0653. Patched version. From MIT benchmarks (models/sendmail/s6) Due to a type casting side effect (assigning unsigned int to signed int), it is possible to write data to a negative index of a buffer. Patched file: tTflag-ok.c Patched line number: 169
CWE-119

1309-v1.0.0

Added 19 years ago

candidate

bad

TXT Record Overflow: CVE-2002-0906. From MIT benchmarks (models/sendmail/s7) A buffer overflow poses the risk of a denial of service attack or possibly execution of arbitrary code via a malicious DNS server. Bad file: txt-dns-file-bad.c Bad line number: 328, 330 Taxonomy Classification: 000134...
CWE-119

1310-v1.0.0

Added 19 years ago

candidate

good

TXT Record Overflow: CVE-2002-0906. Patched version. From MIT benchmarks (models/sendmail/s7) A buffer overflow poses the risk of a denial of service attack or possibly execution of arbitrary code via a malicious DNS server. Patched file: txt-dns-file-ok.c Patched line number: 315, 317

Results per page