Re: [Full-Disclosure] [SCSA-005] Proxomitron Naoko Long Path Buffer Overflow/DoS

From: Knud Erik Højgaard
Date: 02/20/02

    From: Knud Erik Højgaard
    To: Grégory Le Bras | Security Corporation
    Date: Wed, 20 Feb 2002 00:13:24 +0100

    Grégory Le Bras | Security Corporation wrote:
    > .: Proxomitron Naoko Long Path Buffer Overflow/DoS :.
    > ________________________________________________________________________
    > Security Corporation Security Advisory [SCSA-005]
    > ________________________________________________________________________


    > Sending a parameter with a buffer of 1024 bytes in length or more,
    > causes Proxomitron Naoko to crash.
    > This vulnerability can be easily exploited to execute code.
    > Exploitation example :
    [snip A's]

    Could you perhaps provide a real-world example where this might be used to
    gain additional privileges? I fail to see the useful bit in this

    Full-Disclosure - We believe in it.
