Re: [Global InterSec 2002012101] DeleGate Application Proxy - Multiple Vulnerabilities
From: KOJIMA Hajime (kjm@rins.ryukoku.ac.jp)Date: 02/08/02
- Previous message: Tom Micklovitch: "MSN contact list disclosure"
- In reply to: Global InterSec Research: "[Global InterSec 2002012101] DeleGate Application Proxy - Multiple Vulnerabilities"
- Next in thread: Kris Kennaway: "Re: [Global InterSec 2002012101] DeleGate Application Proxy - Multiple Vulnerabilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: kjm@rins.ryukoku.ac.jp (KOJIMA Hajime) To: bugtraq@securityfocus.com, research@globalintersec.com Date: Fri, 08 Feb 2002 17:16:51 +0900
In <017801c1b065$ba68f270$0b01a8c0@tomh61ib59mm58>,
"Global InterSec Research" wrote:
|
| As with many of the vulnerabilities in DeleGate, a SIGSEGV occurs
| when attempting to strcpy() unexpectedly long strings.
| In spite of attempts DeleGate makes to randomise the stack, we
| were successful in overwriting the Extended instruction pointer.
| Although the stack randomisation functions make things harder, they
| do not make arbitrary command execution impossible.
And, delegate has execve(2) trap (-Tx). Can you break it?
- kjm
- Previous message: Tom Micklovitch: "MSN contact list disclosure"
- In reply to: Global InterSec Research: "[Global InterSec 2002012101] DeleGate Application Proxy - Multiple Vulnerabilities"
- Next in thread: Kris Kennaway: "Re: [Global InterSec 2002012101] DeleGate Application Proxy - Multiple Vulnerabilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
