Dailydave mailing list archives
Re: Ferret
From: "Pusscat" <pusscat () metasploit com>
Date: Tue, 6 Mar 2007 10:44:43 -0500
I'm not seein' it... Not an overflow on method since the < means the null is written at offset 15. Not even an infinite loop, since length is capped at 10 before this. ~ Puss -----Original Message----- From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Phrack Senate Omniscient Sent: Tuesday, March 06, 2007 6:28 AM To: Dailydave () lists immunitysec com Subject: Re: [Dailydave] Ferret On 3/5/07, Ronaldo Vasconcellos <ronaldo () cais rnp br> wrote:
Very interesting tool, folks. When I sent a message to wifisec@securityfocus on Friday it was just an announcement made on Black Hat DC, but Maynor released the tool in the same day.
seepage
Errata Security: Ferret http://www.erratasec.com/ferret.html
"probably has a remote vulnerability" aka "we dun know how to code proper. lulz!!! :(" Ferret-1/Ferret/http.c: void process_simple_http(struct Seaper *seap, struct NetFrame *frame, const unsigned char *px, unsigned length) { char method[16]; ... x=0; while (i<length && !isspace(px[i])) { if (x < sizeof(method) -1) { method[x++] = (char)toupper(px[i++]); method[x] = '\0'; } } ur code getting owned in less than 60 seconds: priceless knowing that ur code prolly has a dozen other elementary errors resulting in memory corruption: just fucking embarassing Some at Black Hat called it "serious fucking business". --- phrack senate omniscient fighting internet crime with internet rhymes fuck the high council _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Ferret Ronaldo Vasconcellos (Mar 05)
- Re: Ferret Phrack Senate Omniscient (Mar 06)
- Message not available
- Re: Ferret Robert Wesley McGrew (Mar 06)
- Message not available
- Re: Ferret Pusscat (Mar 06)
- Re: Ferret J.M. Seitz (Mar 06)
- Re: Ferret Phrack Senate Omniscient (Mar 06)
- <Possible follow-ups>
- Fwd: Ferret gerbil (Mar 06)