Re: [Full-disclosure] help analysing asn overflow
- From: David Chastain <dlcmacosx@xxxxxxx>
- Date: Fri, 21 Sep 2007 13:38:20 -0700
Are you gonna blow hot air VK or are you gonna help the man/woman???
On Friday, September 21, 2007, at 12:44PM, <Valdis.Kletnieks@xxxxxx> wrote:
On Sat, 22 Sep 2007 00:49:30 +0530, Code Breaker said:
i am trying to analyse the old asn integer overflow.Can anyone guide me
towards right direction?which function contains the vulnerable code?is it
asn1_decode?
It's not "the old asn integer", it's "one of the old asn integer"...
There were about a zillion and a half different places in that code that
were exploitable, because actual error checking was, like, a foreign language
to that crew when they wrote it originally.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- References:
- [Full-disclosure] help analysing asn overflow
- From: Code Breaker
- Re: [Full-disclosure] help analysing asn overflow
- From: Valdis . Kletnieks
- [Full-disclosure] help analysing asn overflow
- Prev by Date: Re: [Full-disclosure] 0day: PDF pwns Windows
- Next by Date: Re: [Full-disclosure] [Dailydave] Hacking software is lame -- try medical research...
- Previous by thread: Re: [Full-disclosure] help analysing asn overflow
- Next by thread: [Full-disclosure] iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Multiple Integer Overflow Vulnerabilities
- Index(es):
Relevant Pages
|
