Bugtraq mailing list archives

a few bugs ...


From: z33d () TENET PL (Maurycy Prodeus)
Date: Mon, 13 Mar 2000 14:31:23 -0000


Hi ...
Yesss, a few possible bugs:

1. In "Lotus Notes POP 1.0X" on NT platform. I'm not really sure ... if you
    send a very long username ( about 2kb ) it disconnects without any message.
    So it looks like classic buffer overflow :) I don't have enough time to
    check it ( to download this packet :) )

2. Mail agent programs like: standard ;P 'mail' from Berkeley Distribution or
   mutt, elm perhaps other :), use sendmail arguments to put email address where
   luser wants to send mail. It's a similar problem to crontab's or lpd's
   bugs. Example: if you put line with Reply-To: -X /dev/hda1 ;P or something
   like that :> to mail message and luser ( in this case root ) stupidly pushes
   OK,OK,OK :) ( ofz he'd want to reply ) it may write/destroy file
   ( /dev/hda1 :] ). I know it isn't a good example but I only wanted to show
   idea...

3. ntalkd from redhat distri or debian... in old version ( <=5.2rh and <=2.0db)
   (I don't want to be wrong so I will not write its version  - aleph bounced;P
   sic! ) it's known and patched but there wasn't official post and it may be
   dangerous. There is fprintf() without format. Another hard to exploit bug :)

END. ;> so "a few" is more than 2. :))

---=|#####################################################################|=---
      z33d () tenet pl, talk.pl java's developer, security scans ...
                      Cellular phone: [+48] 603 50 67 01
            = There is no god, only sex, money and narcotics. =
          while true;do (cat /boot/vmlinuz)&;mkswap /dev/hda;done
---=|#####################################################################|=---
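
The mitigation for item 2, as an added example that is not part of the original post or of any mail agent's code: a mail agent refuses header-derived recipients that look like options and places `--` before them when building the sendmail argument vector. The function names, the `MAX_ARGS` limit and the sample addresses are assumptions made for illustration, and recipients are assumed to be bare addresses already extracted from the header.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 16

/* An address taken from a header such as Reply-To is sender-controlled.
 * Reject anything the sendmail option parser could read as a switch. */
int address_is_safe(const char *addr)
{
    if (addr == NULL || addr[0] == '\0' || addr[0] == '-')
        return 0;
    /* Whitespace or control bytes would let one "address" carry extra
     * tokens if the agent later splits the string or passes it to a shell. */
    for (const unsigned char *p = (const unsigned char *)addr; *p; p++)
        if (*p <= ' ' || *p == 0x7f)
            return 0;
    return 1;
}

/* Fills argv for execv(); returns argc, or -1 if a recipient is rejected
 * or the list does not fit. "--" ends option parsing, so a recipient the
 * filter missed is still handled as an address and not as a switch. */
int build_sendmail_argv(const char **rcpts, int n, const char **argv)
{
    int argc = 0;
    if (n < 1 || n > MAX_ARGS - 4)
        return -1;
    argv[argc++] = "sendmail";
    argv[argc++] = "-oi";          /* the agent's own, fixed options */
    argv[argc++] = "--";           /* nothing after this is an option */
    for (int i = 0; i < n; i++) {
        if (!address_is_safe(rcpts[i]))
            return -1;
        argv[argc++] = rcpts[i];
    }
    argv[argc] = NULL;
    return argc;
}

int main(void)
{
    const char *good[] = { "root@example.org" };           /* constructed */
    const char *bad[]  = { "-X/tmp/constructed-sample" };  /* constructed */
    const char *argv[MAX_ARGS];
    printf("good -> argc %d\n", build_sendmail_argv(good, 1, argv));
    printf("bad  -> argc %d\n", build_sendmail_argv(bad, 1, argv));
    return 0;
}
```

The vector is meant for `execv()` directly; passing the same strings through a shell command line would reintroduce the problem.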

