Bugtraq mailing list archives
How to exploit AlephOne by JP of AntiOnline
From: positron () THEGRID NET (F0RMiCA)
Date: Fri, 24 Apr 1998 00:28:54 -0700
Hello, I am bringing to your attention a very serious offense to AlephOne's First Amendment Rights and to Copyright Violation. Recently I noticed that AntiOnline Posted a "Special Report" on Buffer Exploits which is a startling resemblance to AlephOne's Article in PHRACK49 "Smashing the Stack..." Here is what i mean: JP: ----------------------- void function(char *str) { char buffer[16]; strcpy(buffer,str);} void main() { char evil[256]; int i; for(i=0;i<255;i++) evil[i] = 'A'; function(evil);} AlephOne: --------------void function(char *str) { char buffer[16]; strcpy(buffer,str);}void main() { char large_string[256]; int i; for( i = 0; i < 255; i++) large_string[i] = 'A'; function(large_string);} AND FOR MORE: JP: ----- Ok, we can tell that a typical buffer overflow exists here,the function involved uses the strcpy() function to check its bounds, instead of the safer, strncpy(). AlephOne: -------------- This is program has a function with a typical buffer overflow coding error. The function copies a supplied string without bounds checking by using strcpy() instead of strncpy(). ****************************************** I am bringing this up because there was no citation or credit given to AlephOne to *HIS* code, not JP's, and that it is a serious illegal offense, not to mention highly immoral, to steal the works of other colleagues in this field. because of this, antionline (www.antionline.com) and JP should be boycotted and even prosecuted for copyright infringement. F0RMiCA Ambient Empire http://www.thegrid.net/positron
Current thread:
- More Microsoft debri Lloyd Vancil (Apr 23)
- <Possible follow-ups>
- Re: More Microsoft debri Michael Howard (Apr 23)
- Re: More Microsoft debri pedward () WEBCOM COM (Apr 23)
- Re: More Microsoft debri James E. Robinson, III (Apr 23)
- Another Frontpage Bug, with promiscuous ScriptAliases pedward () WEBCOM COM (Apr 23)
- Flaw in HTTP-Authentication in O'Reilly Website Pro BarKode (Apr 23)
- Re: Another Frontpage Bug, with promiscuous ScriptAliases Marc Slemko (Apr 23)
- How to exploit AlephOne by JP of AntiOnline F0RMiCA (Apr 24)
- Security Hole in Netscape Enterprise Server 3.0 Daragh Malone (Apr 24)
- Re: Security Hole in Netscape Enterprise Server 3.0 Matthew Frederick (Apr 24)
- How to exploit mudge by AlephOne by JP AntiOnline Dr. Mudge (Apr 24)
- Re: How to exploit mudge by AlephOne by JP AntiOnline Aleph One (Apr 24)
- Re: More Microsoft debri pedward () WEBCOM COM (Apr 23)