[STX] Multiple Security Vulnerabilities
ace_at_static-x.org
Date: 07/03/03
- Previous message: Secure Net Service(SNS) Security Advisory: "[SNS Advisory No.65] Windows 2000 ShellExecute() API Let Applications to Cause Buffer Overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 3 Jul 2003 17:39:11 -0000 To: bugtraq@securityfocus.com('binary' encoding is not supported, stored as-is)
Multiple files vulnerable to a buffer overflow:
-
gnuchess is an updated version of the GNU chess playing program. It has a
simple alpha-numeric board display, an IBM PC compatible interface, or it
can be compiled for use with the chesstool program on a SUN workstation or
with the xboard program under X-windows.
-
gnuan produces an analysis of a chess game. For each move it shows the
move, the score and the principle variation selected by gnuchess.
-
isdnrep reads the isdnlog log files, generates reports, does
statistics, and other things. It can also generate HTML output for use
with a web server.
; By default the above are not suid.
proof of concept code for the above can be found at:
http://www.static-x.org/hax.php?pwned=code
