Full Disclosure mailing list archives
Re: [SCSA-005] Proxomitron Naoko Long Path Buffer Overflow/DoS
From: Knud Erik Højgaard <kain () ircop dk>
Date: Wed, 20 Feb 2002 00:13:24 +0100
Grégory Le Bras | Security Corporation wrote:
.: Proxomitron Naoko Long Path Buffer Overflow/DoS :. ________________________________________________________________________ Security Corporation Security Advisory [SCSA-005] ________________________________________________________________________
[snip]
Sending a parameter with a buffer of 1024 bytes in length or more, causes Proxomitron Naoko to crash. This vulnerability can be easily exploited to execute code. Exploitation example : c:\Proxomitron>proxomitron AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
[snip A's]
AAAAAAAAAAAAAAAAAAAA
Could you perhaps provide a real-world example where this might be used to gain additional privileges? I fail to see the useful bit in this vulnerability. -- Knud _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [SCSA-005] Proxomitron Naoko Long Path Buffer Overflow/DoS Grégory Le Bras | Security Corporation (Feb 19)
- Re: [SCSA-005] Proxomitron Naoko Long Path Buffer Overflow/DoS Knud Erik Højgaard (Feb 19)