Firewall Wizards mailing list archives

Re: Buffer overflow in 95 and 98


From: "Michael H. Warfield" <mhw () wittsend com>
Date: Tue, 16 Nov 1999 10:17:02 -0500

On Mon, Nov 15, 1999 at 09:44:34AM -0500, Eric Toll wrote:
> Is this an issue if boxes are behind firewall?

        If this is (and it certainly appears to be) an issue where a
client box running Windows 95 or Windows 98 encounters a long URL on
a server and then barfs up on an exploit, then...  Yes!  This very
much affects boxes behind a firewall.

        The firewall (at least most that I know of) is not going
to parse the html pages and block a page because it contains a
long file name file request embedded in it.  The exploit can then do
a reverse connection back out of the compromised box and connect back
to the attacker.  It is still a "cybermine" type attack where you have
to get the chump to trip over your mine, though.

There is a buffer overflow in the Windows 95 and Windows 98
networking software that processes file name strings. If the
networking software were provided with a very long random string
as input, it could crash the machine. If provided with a
specially-malformed argument, it could be used to run arbitrary
code on the machine via a classic buffer overrun attack.

        [...]

        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw () WittsEnd com
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
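The message above makes the point that a firewall of that era did not parse fetched HTML and so could not notice a page carrying an overlong file-name request. The following is an added example, not part of this thread and not code from any product mentioned in it, showing what such a content check looks like: it pulls URL-bearing attributes out of a page, decodes percent-encoding so that encoding cannot hide the length, and flags any reference whose longest path or host component exceeds a threshold. The 255-byte limit, the attribute list and the sample page are assumptions chosen for illustration.

```python
"""
Added example (not from the Firewall Wizards thread): flag embedded
references in an HTML page whose file-name component is suspiciously long.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Assumption: a single path/host segment longer than this is treated as suspect.
MAX_SEGMENT_LEN = 255

# Assumption: attributes that can make a client fetch or open a file name.
URL_ATTRS = {"href", "src", "action", "background", "codebase", "data"}


def longest_segment(ref: str) -> int:
    """Length of the longest file-name-like segment in a reference.

    Handles http(s)/file URLs and bare UNC paths (\\\\server\\share\\name).
    Percent-encoding is decoded first so %41%41... cannot hide the length.
    """
    ref = unquote(ref.strip())
    if ref.startswith("\\\\"):
        # Bare UNC path: every backslash-separated piece is a candidate.
        parts = ref.split("\\")
    else:
        parsed = urlsplit(ref)
        parts = parsed.path.replace("\\", "/").split("/")
        if parsed.netloc:
            # file://host/share style references: the host counts too.
            parts.append(parsed.netloc)
    return max((len(p) for p in parts), default=0)


class RefCollector(HTMLParser):
    """Collect (tag, attribute, value) for every URL-bearing attribute."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name.lower() in URL_ATTRS and value:
                self.refs.append((tag, name, value))


def scan_html(page: str, limit: int = MAX_SEGMENT_LEN) -> list:
    """Return (tag, attr, longest_segment_len) for each suspect reference."""
    collector = RefCollector()
    collector.feed(page)
    findings = []
    for tag, attr, value in collector.refs:
        n = longest_segment(value)
        if n > limit:
            findings.append((tag, attr, n))
    return findings


# Constructed sample page: one benign link, a file:// image with a 300-byte
# name, a bare UNC link with a 400-byte name, and a percent-encoded 300-byte
# name that only shows its length after decoding.
SAMPLE_PAGE = (
    "<html><body>"
    '<a href="http://www.example.com/index.html">normal link</a>'
    '<img src="file://fileserver/share/' + "A" * 300 + '.gif">'
    '<a href="\\\\evilhost\\pub\\' + "B" * 400 + '">share</a>'
    '<a href="http://www.example.com/' + "%41" * 300 + '">encoded</a>'
    "</body></html>"
)


if __name__ == "__main__":
    for tag, attr, n in scan_html(SAMPLE_PAGE):
        print(f"suspect <{tag} {attr}=...>: longest segment {n} bytes")
```

The check deliberately looks at decoded segment length rather than at a fixed pattern, since the trigger described in the thread is the length of the name the client is asked to open, not any particular string. A filter like this belongs in a content-inspecting proxy, which is exactly the layer the message says a plain packet firewall does not provide; it does nothing about the reverse connection a successful exploit makes afterwards, which is an egress-filtering question.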
