Bugtraq mailing list archives
ircii-pana (BitchX) 74p4 overflow - exploit/fix
From: lcamtuf () BOSS STASZIC WAW PL (Michal Zalewski)
Date: Mon, 25 May 1998 13:28:08 +0200
-- Risk --

Hmm, after a few minutes, I'm sure the BitchX buffer overflow IS exploitable. I tried about 3000 'A' letters followed by the original .plan, and got:

Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()

I'm assuming almost anyone is able to modify more or less generic shellcode.

-- Fix --

"All new dgets -- no more trap doors!" - that's from newio.c :-))) Hemm?:)

Here's a fix, sufficient at least in the above situation.

--- newio.c.orig	Tue Nov 18 04:49:28 1997
+++ newio.c	Mon May 25 13:25:58 1998
@@ -296,7 +296,7 @@
 {
 if (((str[cnt] = ioe->buffer[ioe->read_pos++])) == '\n') break;
-	cnt++;
+	if (++cnt>=BIG_BUFFER_SIZE) ioe->read_pos=ioe->write_pos;
 }
 /*

_______________________________________________________________________
Michal Zalewski [lcamtuf () boss staszic waw pl] <= finger for pub PGP key
To iterate is human, to recurse divine [P. Deutsch]
[echo "\$0&\$0">_;chmod +x _;./_] <=------=> [tel +48 (0) 22 813 25 86]
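Review bot: in the `+` line, once `++cnt` reaches `BIG_BUFFER_SIZE` the loop is left with `cnt == BIG_BUFFER_SIZE`, so any `str[cnt] = 0` terminator that follows the loop needs `str` to be `BIG_BUFFER_SIZE + 1` bytes long, otherwise the fix moves the overrun by one byte rather than removing it; worth confirming the caller's buffer size. Also, `ioe->read_pos = ioe->write_pos` discards everything still buffered after the overlong line, including any complete lines that followed it, and the caller receives a truncated line with no indication; returning an error or flagging the truncation would be cleaner than silently dropping data.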
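The loop in the patch above, modelled as a stand-alone C program in both its unpatched form (copies until '\n' with no check on cnt) and its patched form (stops at BIG_BUFFER_SIZE and drains the input). This is an added example, not BitchX code or anything from the original post: the MyIO struct, the function names, the BIG_BUFFER_SIZE value and the 3000-'A' payload are assumptions constructed so the example runs by itself. Rather than really overrunning a stack buffer, which is undefined behaviour, the unpatched variant counts the bytes it would have stored.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define BIG_BUFFER_SIZE 64   /* toy size for the demo; the real constant is larger */

/* Stand-in for the per-descriptor IO record the patch indexes (an assumption,
 * not the real BitchX struct). */
typedef struct {
    const char *buffer;  /* bytes received from the peer */
    size_t read_pos;     /* next byte to hand to the caller */
    size_t write_pos;    /* one past the last received byte */
} MyIO;

typedef struct {
    size_t would_write;  /* bytes the unpatched loop would store in str[] */
    size_t stored;       /* bytes the patched loop stored before the NUL */
    int    terminated;   /* str[stored] == '\0' after the patched loop */
    int    drained;      /* patched loop threw away everything left in the buffer */
    char   str[BIG_BUFFER_SIZE + 1];
} DemoResult;

/* Unpatched loop (the '-' side of the hunk): copies until '\n' with no check
 * on cnt. Counts the bytes it would have stored instead of writing them. */
static size_t dgets_unbounded_would_write(MyIO *ioe)
{
    size_t cnt = 0;
    while (ioe->read_pos < ioe->write_pos) {
        char c = ioe->buffer[ioe->read_pos++];
        cnt++;                         /* str[cnt] = c in the original */
        if (c == '\n')
            break;
    }
    return cnt;
}

/* Patched loop (the '+' side): when cnt reaches BIG_BUFFER_SIZE, the rest of
 * the buffered input is discarded by moving read_pos to write_pos, which ends
 * the loop. str needs BIG_BUFFER_SIZE + 1 bytes because cnt can equal
 * BIG_BUFFER_SIZE when the terminating NUL is stored. */
static size_t dgets_bounded(MyIO *ioe, char str[BIG_BUFFER_SIZE + 1])
{
    size_t cnt = 0;
    while (ioe->read_pos < ioe->write_pos) {
        if ((str[cnt] = ioe->buffer[ioe->read_pos++]) == '\n')
            break;                     /* newline sits at str[cnt], replaced below */
        if (++cnt >= BIG_BUFFER_SIZE)
            ioe->read_pos = ioe->write_pos;
    }
    str[cnt] = '\0';
    return cnt;
}

/* Runs both loops over one constructed input. */
static DemoResult run_demo(const char *data, size_t len)
{
    DemoResult r;
    MyIO io = { data, 0, len };
    memset(&r, 0, sizeof r);
    r.would_write = dgets_unbounded_would_write(&io);
    io.read_pos = 0;
    r.stored = dgets_bounded(&io, r.str);
    r.terminated = (r.str[r.stored] == '\0');
    r.drained = (io.read_pos == io.write_pos);
    return r;
}

/* Constructed payload modelled on the report: 3000 'A' bytes, a newline,
 * then one more line that a well-behaved reader should still see. */
static char payload[3000 + 1 + 5];
DemoResult overlong_plan_demo(void)
{
    memset(payload, 'A', 3000);
    memcpy(payload + 3000, "\nnext\n", 6);
    return run_demo(payload, sizeof payload);
}

/* Ordinary two-line input for comparison (constructed). */
DemoResult short_line_demo(void)
{
    static const char lines[] = "hello\nworld\n";
    return run_demo(lines, sizeof lines - 1);
}

int main(void)
{
    DemoResult a = overlong_plan_demo(), b = short_line_demo();
    printf("overlong: unpatched would store %zu bytes, patched stored %zu, drained=%d\n",
           a.would_write, a.stored, a.drained);
    printf("short:    stored %zu (\"%s\"), drained=%d\n", b.stored, b.str, b.drained);
    return 0;
}
```

With the toy size of 64, the unpatched loop would store 3001 bytes (the run of 'A's plus the newline) into a 64-byte buffer, which is the kind of overrun that produces a 0x41414141 return address; the patched loop stores exactly 64 bytes and a NUL, but also drops the "next" line that followed, which is the data-loss side effect of draining read_pos to write_pos.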
Current thread:
- ircii-pana (BitchX) 74p4 overflow Michal Zalewski (May 25)
- ircii-pana (BitchX) 74p4 overflow - exploit/fix Michal Zalewski (May 25)
- Re: ircii-pana (BitchX) 74p4 overflow - exploit/fix Richard Braakman (May 28)
- Re: ircii-pana (BitchX) 74p4 overflow Brian Weiss (May 26)
- IRIX 6.3 NetWare Client 1.0 Vulnerabilities SGI Security Coordinator (May 27)
- IRIX 6.4 diskperf/diskalign Vulnerabilities SGI Security Coordinator (May 27)
- <Possible follow-ups>
- Re: ircii-pana (BitchX) 74p4 overflow Rich Lafferty (May 27)
- Re: ircii-pana (BitchX) 74p4 overflow Brian Weiss (May 27)