Bugtraq mailing list archives
a few bugs ...
From: z33d () TENET PL (Maurycy Prodeus)
Date: Mon, 13 Mar 2000 14:31:23 -0000
Hi ... Yesss, a few possible bugs: 1. In "Lotus Notes POP 1.0X" on NT platform. I'm not really sure ... if you send a very long username ( about 2kb ) it disconnects without any message. So it looks like classic buffer overflow :) I don't have enough time to check it ( to download this packet :) ) 2. Mail agent programs like: standard ;P 'mail' from Berkeley Distribution or mutt, elm perhaps other :), use sendmail arguments to put email adress where luser wants to send mail. It's similar problem to crontab's or lpd's bugs. Example: if you put line with Reply-To: -X /dev/hda1 ;P or something like that :> to mail message and luser ( in this case root ) stupid pushes OK,OK,OK :) ( ofz he'd want to reply ) it may write/destroy file ( /dev/hda1 :] ). I know it isn't good example but I only wanted to show idea... 3. ntalkd from redhat distri or debian... in old version ( <=5.2rh and <=2.0db) (I don't want to be wrong so I will not write it's version - aleph bounced;P sic! ) it's known and patched but there wasn't official post and it may be dangerous. There is fprintf() without format. Another hard to exploit bug :) END. ;> so "a few" is more than 2. :)) ---=|#####################################################################|=--- z33d () tenet pl, talk.pl java's developer, security scans ... Cellular phone: [+48] 603 50 67 01 = There is no god, only sex, money and narcotics. = while true;do (cat /boot/vmlinuz)&;mkswap /dev/hda;done ---=|#####################################################################|=---
Current thread:
- [ Hackerslab bug_paper ] Linux printtool get printer password, (continued)
- [ Hackerslab bug_paper ] Linux printtool get printer password Sheshep ankh Dubhe (Mar 08)
- Re: [ Hackerslab bug_paper ] Linux printtool get printer password Tuomas Jormola (Mar 09)
- RealPlayer and Comet Cursor Keela Robison (Mar 09)
- Fwd: ircii-4.4 buffer overflow bladi (Feb 07)
- Re: Fwd: ircii-4.4 buffer overflow Derek Callaway (Mar 11)
- Re: RealPlayer and Comet Cursor pedward () WEBCOM COM (Mar 09)
- The Comet Cursor Sarah MacArthur (Mar 09)
- Network File Resource Vulnerability Eric Hacker (Mar 09)
- Re: Network File Resource Vulnerability David LeBlanc (Mar 11)
- misc. cross site scripting issues Marc Slemko (Mar 12)
- a few bugs ... Maurycy Prodeus (Mar 13)
- Re: a few bugs ... Thomas Roessler (Mar 15)
- Re: a few bugs ... Michal Zalewski (Mar 17)
- Patch: ip_masq_ftp / Linux 2.2.x (extended FTP ALG vulnerabilty) Bjarni R. Einarsson (Mar 20)
- Microsoft Security Bulletin (MS00-018 Microsoft Product Security (Mar 20)
- Re: a few bugs ... Coke (Mar 20)
- Re: a few bugs ... Daniel Jacobowitz (Mar 20)
- Re: a few bugs ... Michal Zalewski (Mar 20)
- [ Hackerslab bug_paper ] Linux printtool get printer password Sheshep ankh Dubhe (Mar 08)
- DoS with NAVIEG PAUL VanDyke (Mar 17)
- [ANNOUNCE] strace for NT tsabin () RAZOR BINDVIEW COM (Mar 13)
- Linux patch for blocking buffer overflow based attacks massimo () IAC RM CNR IT (Mar 10)