Bugtraq mailing list archives
Re: uTorrent overflow
From: Andreas Beck <becka-list-bugtraq () bedatec de>
Date: Thu, 7 Jun 2007 12:30:25 +0200
Jon Ribbens <jon+bugtraq2 () unequivocal co uk> wrote:
On Sat, Jun 02, 2007 at 08:15:09PM -0000, Dj.r4iDeN () gmail com wrote:if [ "$X" = "y" ];then telnet $victamIP $victamportUm, is it just me, or does this "exploit" do nothing at all?
According to the comment that is output a few lines above, you are supposed to "after you connect hold the enter key" So the claim is probably, that a large number of <LF> or probably rather <CR><LF> will do something to utorrent. However I have not even tried to verify it, as this "advisory" contains almost no detail (like version, effect on utorrent), etc. To the OP: If you want to be taken seriously, you should take more time to investigate the vulnerability and to learn the right tools (like perl and netcat in this case) than to write silly scripts that ask for data that could just be supplied on the commandline. Kind regards, Andreas Beck -- Andreas Beck http://www.bedatec.de/
Current thread:
- uTorrent overflow Dj . r4iDeN (Jun 04)
- Re: uTorrent overflow Jon Ribbens (Jun 06)
- Re: uTorrent overflow Andreas Beck (Jun 07)
- Re: uTorrent overflow Gavin Hanover (Jun 07)
- Message not available
- Re: uTorrent overflow Pavel Konov (Jun 07)
- Re: uTorrent overflow Jon Ribbens (Jun 06)
- <Possible follow-ups>
- Re: uTorrent overflow Dj . r4iDeN (Jun 06)