Bugtraq mailing list archives
Re: Arbitrary code execution in eping plugin
From: Anders Henke <anders () schlund de>
Date: Wed, 15 Jun 2005 10:56:19 +0200
Am 14.06.2005 schrieb Christoph 'knurd' Jeschke:
Jonathan Angliss schrieb:Won't match IPv6 addresses, but neither will the original code, and it matches IP addresses perfectly I believe.My Suggestion for IPv4 is: ^(?!0+\.0+\.0+\.0+$)([01]?\d{1,2}|2[0-2][0-3])\.([01]?\d{1,2}|2[0-4]\d|25[0-5])\.([01]?\d{1,2}|2[0-4]\d|25[0-5])\.([01]?\d{1,2}|2[0-4]\d|25[0-5])$ So 0.0.0.0 (Internet) doesn't match, just as 224.0.0.0/4 (Multicast) and 240.0.0.0/4 (Future Use) as described in RFC3330. (based on the Regex from Mastering Regular Expression, Jeffrey E.F. Friedl) Any further suggestions?
Beware that 0.0.0.1 is also adressable, as the whole /8 has been issued for the same thing :-) If you wish to use a very complete list of "unlikely" IPv4 adresses, you're looking for the bogons list at http://www.cymru.com/Bogons/. A short list on "special" IPv4 adresses can be found in RFC 3330; so you might also wish to add 0.0.0.0/8 (RFC1700) 127.0.0.0/8 (loopback, RFC1700) 169.254.0.0/16 (LINKLOCAL) 192.0.2.0/24 (NET-TEST, "for documentation only") 198.18.0.0/15 (network device testing, see RFC 2544) ... and possibly more or less the complete RFC1918-space (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), too. For IPv6, at least 0000::/8 (loopback) FE00::/9 and FF00::/8 (multicast, see RFC3513) 2001:DB8::/32 ("documentation-only", RFC3849) are quite clear to reject. Regards, Anders -- Schlund + Partner AG Security Brauerstrasse 48 v://49.721.91374.50 D-76135 Karlsruhe f://49.721.91374.225
Current thread:
- Arbitrary code execution in eping plugin y0int (Jun 09)
- Re: Arbitrary code execution in eping plugin Oliver Monneke (Jun 13)
- Re: Arbitrary code execution in eping plugin Jonathan Angliss (Jun 14)
- Re: Arbitrary code execution in eping plugin Christoph 'knurd' Jeschke (Jun 14)
- Re: Arbitrary code execution in eping plugin Anders Henke (Jun 15)
- Re: Arbitrary code execution in eping plugin Jonathan Angliss (Jun 14)
- Re: Arbitrary code execution in eping plugin Oliver Monneke (Jun 13)
- <Possible follow-ups>
- Re: Arbitrary code execution in eping plugin oliver (Jun 11)
- Re: Arbitrary code execution in eping plugin Sam Michaels (Jun 13)
- Re: Arbitrary code execution in eping plugin exon (Jun 13)