Re: Format string bug in Half-Life client, but is it really exploitable???

From: Vade 79 (v9_at_fakehalo.deadpig.org)
Date: 09/30/03

    Date: 30 Sep 2003 01:21:41 -0000
    To: vuln-dev@securityfocus.com
    In-Reply-To: <20030929190139.274c91cd.aluigi@altervista.org>

    >]%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x
    >Unknown command:
    >270b4768.270b47e8.270b4868.270b48e8.27031ae9.0a07f128.00000002.01e11f28.01d1105c

    if you can make that occur remotely via client or server, it will almost surely be exploitable.

    format bug exploitation is a "write anywhere in memory you want" kind of deal and in almost all situations will allow for easy exploitation of the bug.

    things like size limitations (of the buffer being parsed, not the buffer being written to), character truncation, and overflow of internal buffers while processing are some of the things that can hinder, but not stop, exploitation.

    as it looks there, looks like it's ready to go for exploitation. you said you didn't know much about exploiting them though; plenty of (good) how-tos out there, not as hard to understand as many crack it up to be.
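
    The pattern behind the quoted output, as an added example that is not part of this post and not Half-Life's code: a hypothetical console handler builds an "Unknown command: ..." message and then passes that message to `snprintf` as the format, so the `%08x` conversions typed by the user are interpreted and dump stack words. The fixed handler keeps the format string a literal, and a small defensive helper counts conversion directives in untrusted text (flagging `%n`, the directive that writes to memory) so a server or client can reject such input before it ever reaches a formatting function. All function names and the sample input are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Let the deliberately vulnerable call below compile without format warnings
 * turning into errors; real code should keep these warnings on. */
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"

/* VULNERABLE (hypothetical handler, not the game's code): the untrusted command
 * text ends up as the *format* argument, with no arguments behind it, so any
 * "%08x" in it reads a word off the stack and "%n" would write to memory. */
void unknown_command_vulnerable(char *out, size_t outlen, const char *cmd)
{
    char msg[512];
    snprintf(msg, sizeof msg, "Unknown command: %s", cmd); /* fine so far */
    snprintf(out, outlen, msg);   /* BUG: msg is attacker-controlled format */
}

/* FIXED: the format is a literal; the input is only ever consumed as data. */
void unknown_command_safe(char *out, size_t outlen, const char *cmd)
{
    snprintf(out, outlen, "Unknown command: %s", cmd);
}

/* Defensive check for input that should never contain conversions: returns
 * the number of printf directives in s ("%%" is an escaped percent and does
 * not count) and sets *has_n when a %n directive is present. */
int count_format_directives(const char *s, int *has_n)
{
    int count = 0;
    *has_n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {            /* "%%" -> literal percent sign */
            p++;
            continue;
        }
        count++;
        /* skip flags, width, precision and length modifiers to reach the
         * conversion character itself */
        const char *q = p + 1;
        while (*q && strchr("-+ #0123456789.*hlLqjzt$", *q))
            q++;
        if (*q == 'n')
            *has_n = 1;
        if (*q)
            p = q;
    }
    return count;
}

int main(void)
{
    /* constructed sample, shaped like the input quoted in the post */
    const char *cmd = "]%08x.%08x.%08x.%08x";
    char out[256];
    int has_n;

    int n = count_format_directives(cmd, &has_n);
    printf("directives=%d has_n=%d\n", n, has_n);   /* 4 directives, no %n */

    unknown_command_safe(out, sizeof out, cmd);
    printf("%s\n", out);   /* the %08x text is echoed verbatim, nothing is read */
    return 0;
}
```

    The vulnerable function is kept only to show the shape of the bug; it is not called, because with no arguments behind the format its behaviour is undefined. The check is a screening aid for input fields that have no business carrying directives, not a substitute for the fix, which is always a literal format string.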
