Re: [Full-Disclosure] [SCSA-005] Proxomitron Naoko Long Path Buffer Overflow/DoS
From: Knud Erik Højgaard (kain@ircop.dk)
Date: 02/20/02
- Previous message: Bernie, CTA: "RE: [Full-Disclosure] Hackers View Visa/MasterCard Accounts"
- In reply to: Grégory Le Bras | Security Corporation: "[Full-Disclosure] [SCSA-005] Proxomitron Naoko Long Path Buffer Overflow/DoS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Knud Erik Højgaard <kain@ircop.dk> To: Grégory Le Bras | Security Corporation <gregory.lebras@security-corp.org>, <full-disclosure@lists.netsys.com> Date: Wed, 20 Feb 2002 00:13:24 +0100
Grégory Le Bras | Security Corporation wrote:
> .: Proxomitron Naoko Long Path Buffer Overflow/DoS :.
> ________________________________________________________________________
>
> Security Corporation Security Advisory [SCSA-005]
> ________________________________________________________________________
[snip]
> Sending a parameter with a buffer of 1024 bytes in length or more,
> causes Proxomitron Naoko to crash.
>
> This vulnerability can be easily exploited to execute code.
>
> Exploitation example :
>
> c:\Proxomitron>proxomitron AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
[snip A's]
> AAAAAAAAAAAAAAAAAAAA
Could you perhaps provide a real-world example where this might be used to
gain additional privileges? I fail to see the useful bit in this
vulnerability.
-- Knud _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
- Next message: Richard M. Smith: "[Full-Disclosure] Data Processors International was broken into"
- Previous message: Bernie, CTA: "RE: [Full-Disclosure] Hackers View Visa/MasterCard Accounts"
- In reply to: Grégory Le Bras | Security Corporation: "[Full-Disclosure] [SCSA-005] Proxomitron Naoko Long Path Buffer Overflow/DoS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
