COMMAND

    pks buffer overflow

SYSTEMS AFFECTED

    current version

PROBLEM

    Max [rusmir@tula.net] posted the following:

    A popular pks public key server, available from
    http://www.mit.edu/people/marc/pks/pks.html, is vulnerable to a buffer
    overflow attack. A long enough (> 256b) search request will crash the
    service. It is as simple as this:

        gpg --search-keys `perl -e "print 'A'x512"`

    or, without gpg,

        echo -e "GET /pks/lookup?op=index&search=`perl -e "print 'A'x512"`" | nc keyserver-host 11371

    Fortunately (or unfortunately), in order to exploit remote execution,
    the code should be an isalnum() string and should be able to survive
    tolower() conversion. But it is possible to write, especially for
    systems with locales, where 0x80..0xff are printable characters.

SOLUTION

    Nothing yet.
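As an added example (not part of the advisory or of the pks project), a small request-log check from the defender's side: it flags HKP lookup requests whose percent-decoded search value exceeds the 256-byte limit the post cites, and notes whether the value carries 0x80..0xff bytes. The request lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Threshold from the advisory: a search value longer than 256 bytes crashes pks.
PKS_SEARCH_LIMIT = 256

REQUEST_LINE = re.compile(r"^[A-Z]+ (?P<target>\S+)(?: HTTP/\d\.\d)?$")

# Constructed sample request lines for illustration (not captured traffic).
SAMPLE_REQUESTS = [
    "GET /pks/lookup?op=index&search=alice%40example.org HTTP/1.0",
    "GET /pks/lookup?op=get&search=0xDEADBEEF HTTP/1.0",
    "GET /pks/lookup?op=index&search=" + "A" * 512 + " HTTP/1.0",
    "GET /pks/lookup?op=index&search=" + "%C3%A9" * 200 + " HTTP/1.0",
    "GET /pks/add HTTP/1.0",
]


def query_params_bytes(query):
    """Split a raw query string and percent-decode keys and values to bytes,
    so lengths are measured exactly as the server receives them."""
    params = {}
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        name = unquote_to_bytes(key).decode("ascii", "replace")
        params.setdefault(name, []).append(unquote_to_bytes(value))
    return params


def oversized_pks_lookups(lines, limit=PKS_SEARCH_LIMIT):
    """Return (line_no, op, decoded_length, has_high_bytes) for every
    /pks/lookup request whose decoded search value exceeds `limit` bytes.
    has_high_bytes is True when the value contains 0x80..0xff, which the
    advisory notes are printable under some locales."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_LINE.match(line.strip())
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != "/pks/lookup":
            continue
        params = query_params_bytes(url.query)
        op = params.get("op", [b"?"])[0].decode("ascii", "replace")
        for value in params.get("search", []):
            if len(value) > limit:
                hits.append((n, op, len(value), any(b >= 0x80 for b in value)))
    return hits
```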