Vulnerability Development mailing list archives

Re: Format Bugs in Windows Code?


From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Sat, 9 Sep 2000 03:43:39 +0200

I see no reason why this class of
bugs should be restricted to UNIX code.

Depends on how the compiler implements vargs?

However, I also cannot recall
seeing a format bug announced for Windows yet.

Far less Windows source is open source ;)
Actually, I vaguely remember a Win32 developer posted source code in
vuln-dev with questions regarding whether his source was vulnerable (seemed to
be) but the name of the application wasn't disclosed, mayhap not a
well-known one.

After all, people should remember that so far there have been a very
limited number of reports of vulnerable applications at all.

Anyone keeping records of when these bugs were first realized & discovered?
Some digging reveals the following:

Jun 30 2000, wu-ftpd:
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26mid%3D76204

Since then numerous reports on wu-ftpd, popper, pro-ftpd & bitchx have been
posted. Although there were many in a short while, it would seem either we
got most of these bugs in a row, or the others are harder to track down.

I think I remember reports of these vulnerabilities even before this, but
then the full concept wasn't realized (crash only, I think, was realized)
and one of my reasons for stopping running ftp was all the problems related to
them. Lurking about some more reveals that the proftpd developers seem to
have been investigating this problem in April:

http://www.proftpd.org/proftpd-devel-archive/00-04/msg00092.html

Anyone know of any previous discussions regarding this kind of bug?

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team


On Thu, 7 Sep 2000, Crispin Cowan wrote:

This C|Net news story
http://yahoo.cnet.com/news/0-1003-200-2719802.html?pt.yfin.cat_fin.txt.ne
breaks the news about format bugs to the mainstream media, but
describes it as a UNIX/Linux problem.  I see no reason why this class of
bugs should be restricted to UNIX code.  However, I also cannot recall
seeing a format bug announced for Windows yet.  Anyone know of an
instance?

Crispin

--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution:                    http://immunix.org
                Olympics:  The Corruption Games


