Vulnerability Development mailing list archives

Buffer overflow or overrun?

From: "Alberto Cozer" <acozer () fti com br>
Date: Fri, 12 Apr 2002 13:20:54 -0300

Hello, All!

I've been reading the last Microsoft advisories and one of the
vulnerabilities descriptions made me
think about buffer overrun.

The description for the HTTP header delimiters vulnerability sounds
like a buffer overflow, although
it is described as a buffer overrun. And the differences between
overflow and overrun are very well defined, but
it seems that someone is forgetting it.

I might be wrong, but what I understood from the technical description
is that the problem regards to
an overflow. Anyone have any idea on that, or knows the reason why it
is described like that?



Alberto Cozer
Future Technologies Digital Security
IBM Certified AIX System Specialist
acozer () fti com br
http://www.fti.com.br



*********************************************************
Future Technologies Seguranca Digital

Esta mensagem e de responsabilidade de seu autor.
Seu conteudo nao reflete necessariamente a opiniao da
empresa.
*********************************************************

Current thread:

Buffer overflow or overrun? Alberto Cozer (Apr 12)
- <Possible follow-ups>
- Re: Buffer overflow or overrun? Steven M. Christey (Apr 28)
  - Re: Buffer overflow or overrun? Crist J. Clark (Apr 29)
- Re: Buffer overflow or overrun? Steven M. Christey (Apr 29)
  - Re: Buffer overflow or overrun? D'Ávila (Apr 29)
    - Re: Buffer overflow or overrun? Rodrigo Barbosa (Apr 29)
    - Re: Buffer overflow or overrun? David Gadelha (Apr 29)
    - Re: Buffer overflow or overrun? Rodrigo Barbosa (Apr 29)
    - Re: Buffer overflow or overrun? andreas 'dexxter' halter (Apr 30)
    - AW: Buffer overflow or overrun? Johannes Lemmerer (Apr 30)
    - Hacker's Digest Issue Four Spring 2002 John Thornton (Apr 30)

(Thread continues...)