Vulnerability Development mailing list archives

Re: Format Bugs in Windows Code?


From: Iván Arce <core.lists.exploit-dev () CORE-SDI COM>
Date: Fri, 8 Sep 2000 19:17:36 -0300

Crispin,
 problem #3 of our NAI Net Tools PKI Server advisory is a format
 string vulnerability in a Windows NT program:
 http://www.core-sdi.com/advisories/pki_server_adving.htm

Crispin Cowan wrote:

This C|Net news story
http://yahoo.cnet.com/news/0-1003-200-2719802.html?pt.yfin.cat_fin.txt.ne
breaks the news about format bugs to the mainstream media, but
describes it as a UNIX/Linux problem.  I see no reason why this class of
bugs should be restricted to UNIX code.  However, I also cannot recall
seeing a format bug announced for Windows yet.  Anyone know of an
instance?

Crispin

--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution:                    http://immunix.org
                Olympics:  The Corruption Games

--
"Understanding. A cerebral secretion that enables one having it to know
 a house from a horse by the roof on the house.
 Its nature and laws have been exhaustively expounded by Locke,
 who rode a house, and Kant, who lived in a horse." - Ambrose Bierce


==================[ CORE Seguridad de la Informacion S.A. ]=========
Iván Arce
Presidente
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A
email   : iarce () core-sdi com
http://www.core-sdi.com
Pte. Juan D. Peron 315 Piso 4 UF 17
1038 Capital Federal
Buenos Aires, Argentina.              Tel/Fax : +(54-11) 4331-5402
Casilla de Correos 877 (1000) Correo Central
=====================================================================

--- For a personal reply use iarce () core-sdi com

