Full Disclosure mailing list archives
Re: Yahoo Instant Messenger Long Filename Downloading Buffer Overflow
From: "Santos Rayes" <santosreyes2001 () hotmail com>
Date: Thu, 08 Jan 2004 17:42:52 +0000
On Thu, Jan 08, 2004 at 03:38:43AM -0800, Tri Huynh wrote:
VULNERABLE VERSIONS: 5.6.0.1351 and below For a fast demonstration, you can create a file like this "test<insert around 210 spaces here>.jpg" and send it to another user and ask her to download it.
can't reproduce this. have 1351 and 1347 and transfers don't progress between them when name is more than 193 characters. there was maybe an adjustment of the server but those versions don't seem vulnerable either. santos _________________________________________________________________Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Yahoo Instant Messenger Long Filename Downloading Buffer Overflow Tri Huynh (Jan 08)
- <Possible follow-ups>
- Yahoo Instant Messenger Long Filename Downloading Buffer Overflow Tri Huynh (Jan 08)
- Re: Yahoo Instant Messenger Long Filename Downloading Buffer Overflow Santos Rayes (Jan 08)
- 3 new MS patches next week... but none fix 0x01! Exibar (Jan 08)
- Re: 3 new MS patches next week... but none fix 0x01! S G Masood (Jan 08)
- Re: 3 new MS patches next week... but none fix 0x01! Michael Renzmann (Jan 08)
- RE: 3 new MS patches next week... but none fix 0x01! Poof (Jan 08)
- Re: 3 new MS patches next week... but none fix 0x01! Liu Die Yu (Jan 09)
- 3 new MS patches next week... but none fix 0x01! Exibar (Jan 08)
- Re: 3 new MS patches next week... but none fix 0x01! Nick FitzGerald (Jan 10)
- Re: 3 new MS patches next week... but none fix 0x01! Mary Landesman (Jan 10)