Firewall Wizards mailing list archives
Re: Buffer overflow in 95 and 98
From: Joseph S D Yao <jsdy () cospo osis gov>
Date: Tue, 16 Nov 1999 16:39:02 -0500
On Mon, Nov 15, 1999 at 09:44:34AM -0500, Eric Toll wrote:
Is this an issue if boxes are behind firewall?
Most definitely. Unless your proxy knows exactly what super-long URLs and UNCs [universal??? who besides Microsoft uses them???] to exclude, you can get as easily hit while browsing a web page from behind a firewall as while browsing it with no firewall. And some of the things that people call firewalls don't even have proxies to protect you!
There is a buffer overflow in the Windows 95 and Windows 98 networking software that processes file name strings. If the networking software were provided with a very long random string as input, it could crash the machine. If provided with a specially-malformed argument, it could be used to run arbitrary code on the machine via a classic buffer overrun attack. The vulnerability could be exploited remotely in cases where a file:// URL or a Universal Naming Convention (UNC) string on a remote web site included a long file name or where a long file name was included in an e-mail message.

Affected Software Versions
==========================
The buffer overrun is present in the networking software in all versions of Windows 95 and Windows 98.

Patch Availability
==================
- Windows 95:
  http://download.microsoft.com/download/win95/update/245729/w95/en-us/245729us5.exe
- Windows 98:
  http://download.microsoft.com/download/win98/update/245729/w98/en-us/245729us8.exe
<flame mini>
The problems with attempts to create a system with a monolithic or no architecture.
</flame>

--
Joe Yao				jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support					EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
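
The kind of check a filtering proxy would need in order to "know what super-long URLs and UNCs to exclude", as an added example that is not part of the original post or the advisory. The advisory gives no buffer size, so the 260-character cut-off (the Windows MAX_PATH limit) is an assumption, the function names are hypothetical, and the sample pages are constructed.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumption: the advisory states no buffer size, so the Windows MAX_PATH
# limit (260) is used here as a conservative cut-off.
MAX_NAME_LEN = 260

# file:// URLs and UNC strings (\\server\share\...), each running up to the
# next whitespace, quote or angle bracket.
FILE_URL = re.compile(r"file:/{2,}[^\s\"'<>]+", re.IGNORECASE)
UNC_PATH = re.compile(r"\\\\[^\s\"'<>\\/]+[\\/][^\s\"'<>]*")


def find_long_names(body, limit=MAX_NAME_LEN):
    """Return (kind, decoded_length) for every file:// URL or UNC string in
    body whose percent-decoded byte length exceeds limit."""
    hits = []
    for kind, pattern in (("file-url", FILE_URL), ("unc", UNC_PATH)):
        for match in pattern.finditer(body):
            # Measure after decoding %XX escapes, i.e. the length the
            # client would hand to its file-name handling code.
            decoded_len = len(unquote_to_bytes(match.group(0)))
            if decoded_len > limit:
                hits.append((kind, decoded_len))
    return hits


def should_block(body, limit=MAX_NAME_LEN):
    """Proxy decision: refuse to relay a body containing an over-long name."""
    return bool(find_long_names(body, limit))


# Constructed sample pages (not captured traffic).
BENIGN = '<a href="file://fileserver/docs/readme.txt">notes</a> \\\\fileserver\\docs'
LONG_URL = '<img src="file://host/' + "A" * 400 + '.gif">'
LONG_UNC = '<a href="\\\\host\\share\\' + "B" * 300 + '">x</a>'

if __name__ == "__main__":
    for name, page in (("benign", BENIGN), ("long-url", LONG_URL), ("long-unc", LONG_UNC)):
        print(name, should_block(page), find_long_names(page))
```

The same scan applies to e-mail bodies, the other delivery path the advisory names; it is a stopgap at the perimeter and does not replace installing the patches listed above.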