Vulnerability Development mailing list archives
Re: Yahoo pager
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Thu, 31 Aug 2000 13:26:37 +0200
eip=61616161The first few times I tried to crash YM I used random characters until YM prevented me from entering more. When I was figuring the buffer limit I used "a"'s, I don't think the character makes a difference.
without knowing where the 0x61's comes from, I'd really say it might be jumping to conclusions. Perhaps this is an broken snprintf implementation which forgets to nullterminate on overflows, or something similary. Then we ''only'' have to figure out where the arrays of 0x61 is used and make the appropriate sequence to make YM change it. A bit work though ;) Anyone up to the challenge? Anyone contacted yahoo about the issue? /me off to take a nap, work - what an horrible thought :) ..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team
Current thread:
- Yahoo pager Blake Frantz (Aug 30)
- <Possible follow-ups>
- Re: Yahoo pager Blake Frantz (Aug 30)
- Re: Yahoo pager Bluefish (P.Magnusson) (Aug 31)
- Re: Yahoo pager Sean Michael Whipkey (Aug 31)
- Re: Yahoo pager Frantz, Blake (Aug 31)