Full Disclosure mailing list archives
Re: [FDSA] Multiple Vulnerabilities in Your Computer (all versions)
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Wed, 16 Jan 2008 02:19:02 +0300
Well, I can't say it's all fake... It's all junk.

FD> OpenSSL 0.9.7j
FD> openssl-0.9.7j/fips-1.0/aes/fips_aesavs.c 973: User supplied data
FD> copied into fixed length buffer on the stack with no length
FD> verification.

Buffer overflow in non-suid test application (not compiled by default). Not security.

FD> SSH 3.2.9.1
FD> ssh-3.2.9.1/lib/zlib/contrib/minizip/minizip.c 187: User supplied
FD> data copied into fixed length buffer on the stack with no length
FD> verification.

Identical to CVE-2007-1657 and is probably fixed at the same time. Local overflow in non-suid application (minizip). Does not affect SSH. Only this one can be considered a low risk vulnerability.

FD> Apache 1.3.37
FD> src/regex/split.c 164: User supplied data copied into fixed length
FD> buffer on the stack with no length verification.

Local buffer overflow in non-suid test application, which is not compiled by default. Not security.

FD> Samba 3.0.25b
FD> samba-3.0.25b/source/popt/poptparse.c 27: Integer overflow in size_t
FD> which is later used in heap allocation. Buffer then copied into this
FD> memory resulting in heap overflow.

This one is fake.

    size_t nb = (argc + 1) * sizeof(*argv);
    ...
    nb += strlen(argv[i]) + 1;
    ...
    dst = malloc(nb);

Mathematical proof:

    nb <= memory already allocated for argc and argv < size of address space
    nb < size of address space
    QED

--
~/ZARAZA http://securityvulns.com/
We'll always be glad to listen to your chirping (Twain)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
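The size computation quoted in the message above, written with an explicit wrap check on every step so the bound is enforced in code rather than inferred from where argv lives. This is an added example, not code from popt, Samba or the post; `add_size`, `checked_dup_size`, `dup_argv` and `sample_argv` are hypothetical names, and the sample arguments are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Add n to *acc; return -1 instead of letting size_t wrap. */
static int add_size(size_t *acc, size_t n)
{
    if (n > SIZE_MAX - *acc)
        return -1;
    *acc += n;
    return 0;
}

/* Same sum as the quoted fragment: (argc + 1) pointers plus each string
 * and its NUL. Returns 0 if any step would wrap (a valid size is never 0). */
static size_t checked_dup_size(int argc, const char **argv)
{
    if (argc < 0 || (size_t)argc >= SIZE_MAX / sizeof(*argv))
        return 0;
    size_t nb = ((size_t)argc + 1) * sizeof(*argv);
    for (int i = 0; i < argc; i++)
        if (add_size(&nb, strlen(argv[i])) != 0 || add_size(&nb, 1) != 0)
            return 0;
    return nb;
}

/* Copy argv into one block: pointer table first, string bytes after it. */
static char **dup_argv(int argc, const char **argv)
{
    size_t nb = checked_dup_size(argc, argv);
    if (nb == 0)
        return NULL;
    char **copy = malloc(nb);
    if (copy == NULL)
        return NULL;
    char *dst = (char *)(copy + argc + 1);
    for (int i = 0; i < argc; i++) {
        size_t len = strlen(argv[i]) + 1;
        memcpy(dst, argv[i], len);
        copy[i] = dst;
        dst += len;
    }
    copy[argc] = NULL;
    return copy;
}

/* Constructed sample input, not taken from the thread. */
static const char *sample_argv[] = { "smbclient", "-U", "guest" };
```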
Current thread:
- [FDSA] Multiple Vulnerabilities in Your Computer (all versions) Fredrick Diggle (Jan 15)
- Re: [FDSA] Multiple Vulnerabilities in Your Computer (all versions) 3APA3A (Jan 15)