Re: [Full-disclosure] Microsoft FTP Client Multiple Bufferoverflow Vulnerability
- From: "KJK::Hyperion" <hackbunny@xxxxxxxxxx>
- Date: Thu, 29 Nov 2007 13:28:25 +0100
Tonnerre Lombard ha scritto:
May I suggest that this protection is not perfect? I was hoping thatBy terminating the program before the payload is executedIsn't the FTP client compiled with stack overflow protection?If so, how is that supposed to help?
people on this mailing list consider this to be an established fact.
You can suggest it. However, ftp.exe is also linked with the secure
exception handlers option. How do you divert execution when ftp.exe is
running on a platform with encrypted global pointers? ftp.exe is no
Internet Explorer, either, you cannot arbitrarily load third party DLLs
in it. Why, it doesn't even link shell32.dll or ole32.dll. And I remind
you these are buffer overflows in a text field of an user interface
Rajesh and others like him have been peddling this "vulnerability" for
months if not years. Some security "professionals" should stop fooling
themselves and have the basic honesty to admit their behavior is rather
more fitting of a small-time loan shark or mafia picciotto, if not the
honesty to submit straight away to the vendor what is clearly just a bug
with no strategical security implications
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- References:
- [Full-disclosure] Microsoft FTP Client Multiple Bufferoverflow Vulnerability
- From: Rajesh Sethumadhavan
- Re: [Full-disclosure] Microsoft FTP Client Multiple Bufferoverflow Vulnerability
- From: KJK::Hyperion
- Re: [Full-disclosure] Microsoft FTP Client Multiple Bufferoverflow Vulnerability
- From: Tonnerre Lombard
- Re: [Full-disclosure] Microsoft FTP Client Multiple Bufferoverflow Vulnerability
- From: KJK::Hyperion
- Re: [Full-disclosure] Microsoft FTP Client Multiple Bufferoverflow Vulnerability
- From: Tonnerre Lombard
- [Full-disclosure] Microsoft FTP Client Multiple Bufferoverflow Vulnerability
- Prev by Date: Re: [Full-disclosure] Microsoft FTP Client Multiple
- Next by Date: [Full-disclosure] IRM025: TIBCO Rendezvous RVD Daemon Remote Memory Leak DoS
- Previous by thread: Re: [Full-disclosure] Microsoft FTP Client Multiple Bufferoverflow Vulnerability
- Next by thread: Re: [Full-disclosure] Microsoft FTP Client Multiple Bufferoverflow Vulnerability
- Index(es):
Relevant Pages
|
