Re: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow.
From: KF (lists) (kf_lists_at_secnetops.com)
Date: 04/30/04
- Previous message: OpenPKG: "[Full-Disclosure] [OpenPKG-SA-2004.017] OpenPKG Security Advisory (png)"
- In reply to: Lan Guy: "Re: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow."
- Next in thread: 3APA3A: "Re[2]: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: full-disclosure@lists.netsys.com Date: Thu, 29 Apr 2004 18:06:12 -0400
smbd aparantly likes them to be a 256 chars or less aparantly. =]
Apr 27 18:26:39 CloneRiot smbd[2670]: ERROR: string overflow by 1 (256
- 255) in safe_strcpy [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA]
-KF
Lan Guy wrote:
> http://lists.samba.org/archive/jcifs/2003-February/001782.html
>
> Even people like Christopher Hertel
> http://ietf.cnri.reston.va.us/internet-drafts/draft-crhertel-smb-url-06.txt
>
> don't know the maximum limit of a share name.
> I always thought that the protocol could not have more than 127
> charaters in a single share name length.
>
> In any case Explorer should not crash.
> Lan Guy
>
> ----- Original Message ----- From: "KF (lists)" <kf_lists@secnetops.com>
> To: <bugtraq@securityfocus.com>
> Cc: <full-disclosure@lists.netsys.com>
> Sent: Thursday, April 29, 2004 2:55 AM
> Subject: Re: [Full-Disclosure] Microsoft's Explorer and Internet
> Explorer long share name buffer overflow.
>
>
>> I would say they lied myself... I have all patches from Windows
>> update installed including all the optional ones... still crashes for
>> me and still tears up the EIP and EBP. My IE advertises itself as:
>> 6.0.2800.1106 SP1; Q837009;Q8832894:Q831167 , The OS is Win2k Server
>> 5.00.2195 SP4.
>>
>> Thus far I have been unable to locate a good unicode return
>> address... but thats not to say there is not one there. =] . For
>> those of you wondering smb.conf DOES allow for characters like \x90
>> and other things of that nature.
>>
>> enjoy.
>>
>> -KF
>>
>>
>> Paul Szabo wrote:
>>
>>>
>>> Anyway, http://support.microsoft.com/?kbid=322857 lies when it says
>>> this is
>>> fixed in W2kSP4; or maybe that KB article refers to a different
>>> problem: it
>>> say the error should be "Access Violation", I got "Program Error".
>>>
>>> Cheers,
>>>
>>> Paul Szabo - psz@maths.usyd.edu.au
>>> http://www.maths.usyd.edu.au:8000/u/psz/
>>> School of Mathematics and Statistics University of Sydney 2006
>>> Australia
>>>
>>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.netsys.com/full-disclosure-charter.html
>>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: OpenPKG: "[Full-Disclosure] [OpenPKG-SA-2004.017] OpenPKG Security Advisory (png)"
- In reply to: Lan Guy: "Re: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow."
- Next in thread: 3APA3A: "Re[2]: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
