Vulnerability Development mailing list archives

bufferoverflow posadis m5pre2


From: eSDee <eSDee () netric org>
Date: 17 Apr 2002 17:38:27 -0000



Netric Security Team - http://www.netric.org
by eSDee

Posadis m5pre2
Type: Stackoverflow
Priority: 2

[01] Description
[02] Proof of concept
[03] Vendor response

[01] Description
     Posadis is a DNS server for Unix and Windows, available at
     http://posadis.sourceforge.net.

     The m5pre2 was a security release for the formatstring bug in the log_print
     function, discovered by kkr (http://online.securityfocus.com/bid/4378).

     The formatstring bug is fixed in m5pre2. However, there exists an unchecked buffer in
     the same log_print function of m5pre2 and prior, that can be exploited too. (remote ?)

[02] Proof of concept
     A proof of concept exploit can be found at:
     www.netric.org/advisories/pos_expl2.c
     
     An example exploit for the formatstring bug in m5pre1:
     www.netric.org/advisories/pos_expl.c

[03] Vendor response
     The vendor is informed, but has not responded yet.
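
Added illustration (not part of the original advisory and not Posadis source code): a logging helper that closes both bug classes named above, using a constant format string for untrusted text and a length-bounded write that reports truncation. The names log_format_bounded, log_untrusted and LOG_BUF_SIZE, and the 64-byte size, are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 64  /* assumed size; the real buffer size is not given in the advisory */

/* Hypothetical stand-in for a log_print-style formatter.
 * Never writes more than outsz bytes into out.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on bad input. */
int log_format_bounded(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (out == NULL || outsz == 0 || fmt == NULL)
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(out, outsz, fmt, ap);  /* bounded, unlike vsprintf */
    va_end(ap);

    if (n < 0) {
        out[0] = '\0';
        return -1;
    }
    if ((size_t)n >= outsz) {
        /* Make truncation visible in the log instead of silently cutting. */
        if (outsz > 4)
            memcpy(out + outsz - 4, "...", 4);  /* copies the NUL as well */
        return 1;
    }
    return 0;
}

/* Untrusted text is passed only as an argument, never as the format:
 * the constant "%s" addresses the format string bug, the bound above
 * addresses the unchecked buffer. */
int log_untrusted(char *out, size_t outsz, const char *untrusted)
{
    return log_format_bounded(out, outsz, "query: %s", untrusted);
}
```

A return value of 1 is worth counting or alerting on, since oversized input reaching a log call is itself a useful signal.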


