Vulnerability Development mailing list archives
Administrivia #5218
From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Fri, 21 Jan 2000 21:29:25 -0800
Ok, gotta kill the snprintf thread. I'll be dropping the rest of those posts unless there's something particularly interesting. If someone has a pointer to a list of broken libs/OSes containing a bad snprintf, I'll post that. I'd also be curious to see a package or two that tries to be careful and use snprintf, but fails for some interesting reason.

As for the last call for packages to break: I've had a vote for Exchange/MS SMTP. I'd be happy to run that one, but that's going to be a little more difficult than average for most folks to get to play with. If someone wants to volunteer an Exchange server (their own!), that would work.

It would also be useful IMHO to poke at a Windows firewall or two, perhaps BlackICE or something else. Something folks can download a free demo version of. (We've been neglecting our Windows users.)

I'm told there's an overflow in this package: http://www.capsi.com/src/bigbrotherwebstats/

I'm told there are unpublished exploits for this package: http://www.nswc.navy.mil/ISSEC/CID/

Finally, I agree that ICQ could use some looking at. Obviously, there IS a problem, as discussed on Bugtraq. By design, Bugtraq doesn't allow for a lot of discussion, which we can do here. I consider things like ICQ and AIM and MS Chat particularly nasty, as they find their way out from behind firewalls so well, and constitute a server on your inside clients.

BB