Re: Buffer overflow in 95 and 98

[Joseph S D Yao <jsdy () cospo osis gov>]

On Mon, Nov 15, 1999 at 09:44:34AM -0500, Eric Toll wrote:
> Is this an issue if boxes are behind firewall?

Most definitely.  Unless your proxy knows exactly what super-long URLs
and UNCs [universal???  who besides Microsoft uses them???] to exclude,
you can get as easily hit while browsing a web page from behind a
firewall as while browsing it with no firewall.  And some of the things
that people call firewalls don't even have proxies to protect you!

> There is a buffer overflow in the Windows 95 and Windows 98
> networking software that processes file name strings. If the
> networking software were provided with a very long random string
> as input, it could crash the machine. If provided with a
> specially-malformed argument, it could be used to run arbitrary
> code on the machine via a classic buffer overrun attack.
>
> The vulnerability could be exploited remotely in cases where a
> file:// URL or a Universal Naming Convention (UNC) string on a
> remote web site included a long file name or where a long file
> name was included in an e-mail message.
>
> Affected Software Versions
> ==========================
> The buffer overrun is present in the networking software in all
> versions of Windows 95 and Windows 98.
>
> Patch Availability
> ==================
>  - Windows 95:
>    http://download.microsoft.com/download/win95/update/245729/ 
>    w95/en-us/245729us5.exe
>  - Windows 98:
>    http://download.microsoft.com/download/win98/update/245729/ 
>    w98/en-us/245729us8.exe

<flame mini>
The problems with attempts to create a system with a monolithic or no
architecture.
</flame>

-- 
Joe Yao                         jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support                                     EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.