Bugtraq mailing list archives

Re: false alarm: query cgi problem


From: mouse () Holo Rodents Montreal QC CA (der Mouse)
Date: Fri, 10 Jan 1997 12:03:22 -0500


For anyone who cares, the buffer overflow in the query cgi is not
exploitable.  This is because the exploit requires 21,000+ bytes, and
the maximum size for a URL is 1024 bytes.  That is how it is defined
in the RFC.

That doesn't necessarily mean it's not exploitable; it depends on what
the web server in question does with URLs that violate the RFC.  If the
web server truncates, dumps the request, or something similar, you're
okay - but if it is liberal in what it accepts and is willing to handle
URLs 21K long, you could still be in trouble.

                                        der Mouse

                               mouse () rodents montreal qc ca
                     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
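As an added illustration (not part of der Mouse's post, and not the code of any particular web server), the following Python models the three front-end behaviours the reply distinguishes when a request-target exceeds the limit: refuse the request, truncate it, or pass it through unchanged. The 1024-byte limit is the figure quoted in the thread; the `Policy` names, the `guard` function and the sample request lines are constructed for this example.

```python
"""Model of what a front end may do with an over-long URL before a CGI sees it.

Added example, not from the original post. The 1024-byte limit is the
figure quoted in the thread; the request lines below are constructed.
"""
from enum import Enum

MAX_URL_LEN = 1024  # limit quoted in the thread; assumed here to apply to the request-target


class Policy(Enum):
    REJECT = "reject"      # refuse the request outright (HTTP 414 URI Too Long)
    TRUNCATE = "truncate"  # cut the request-target down to the limit
    LIBERAL = "liberal"    # hand whatever arrived straight to the CGI


def parse_request_line(line: bytes):
    """Split 'METHOD target HTTP/x.y' into its parts, or raise ValueError."""
    parts = line.rstrip(b"\r\n").split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        raise ValueError("malformed request line")
    return parts[0], parts[1], parts[2]


def guard(line: bytes, policy: Policy, limit: int = MAX_URL_LEN):
    """Return (status, target_passed_to_cgi).

    status is the HTTP status the front end answers with itself, or None
    when the request is handed on to the CGI with the returned target.
    """
    _method, target, _version = parse_request_line(line)
    if len(target) <= limit:
        return None, target          # within limit: all policies agree
    if policy is Policy.REJECT:
        return 414, None             # nothing reaches the CGI
    if policy is Policy.TRUNCATE:
        return None, target[:limit]  # CGI sees at most `limit` bytes
    return None, target              # LIBERAL: CGI sees the full 21K target


def cgi_input_bounded(line: bytes, policy: Policy, limit: int = MAX_URL_LEN) -> bool:
    """True when, under this policy, the CGI can never receive more than `limit` bytes."""
    _status, target = guard(line, policy, limit)
    return target is None or len(target) <= limit


# Constructed sample request lines (not real traffic)
NORMAL = b"GET /cgi-bin/query?q=test HTTP/1.0\r\n"
OVERLONG = b"GET /cgi-bin/query?q=" + b"A" * 21000 + b" HTTP/1.0\r\n"

if __name__ == "__main__":
    for policy in Policy:
        status, target = guard(OVERLONG, policy)
        seen = None if target is None else len(target)
        print(f"{policy.value:9s} status={status} bytes_reaching_cgi={seen}")
```

Only the liberal policy lets the full over-long target reach the CGI, which is the case the reply flags; the other two bound what the CGI receives regardless of how large the request was.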
