Firewall Wizards mailing list archives
Re: Buffer overflow in 95 and 98
From: "Michael H. Warfield" <mhw () wittsend com>
Date: Tue, 16 Nov 1999 10:17:02 -0500
On Mon, Nov 15, 1999 at 09:44:34AM -0500, Eric Toll wrote:
> Is this an issue if boxes are behind firewall?
If this is (and it certainly appears to be) an issue where a client box running Windows 95 or Windows 98 encounters a long URL on a server and then barfs up on an exploit, then... Yes! This very much affects boxes behind a firewall. The firewall (at least most that I know of) is not going to parse the html pages and block a page because it contains a long file name file request embedded in it. The exploit can then do a reverse connection back out of the compromised box and connect back to the attacker. It is still a "cybermine" type attack where you have to get the chump to trip over your mine, though.
There is a buffer overflow in the Windows 95 and Windows 98 networking software that processes file name strings. If the networking software were provided with a very long random string as input, it could crash the machine. If provided with a specially-malformed argument, it could be used to run arbitrary code on the machine via a classic buffer overrun attack.
[...]
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw () WittsEnd com
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
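The content inspection the message says most firewalls do not perform, sketched as an added example that is not part of the original post: a filtering proxy could parse each HTML page and flag file references whose name components are unusually long. The 255-character limit, the attribute list and the host names in the sample page are assumptions made for illustration; the post gives no length or attribute details.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# Assumption: the post states no length; 255 is a constructed policy limit.
MAX_NAME_LEN = 255
# Assumption: attributes that can make a browser request a file.
URL_ATTRS = {"href", "src", "background", "action", "data", "codebase"}


def longest_component(ref):
    """Length of the longest path component in a URL or UNC-style reference."""
    path = ref.split("#", 1)[0].split("?", 1)[0]
    # Decode percent-escapes so %41 counts as one character, and treat
    # backslashes as separators so \\server\share\name is split as well.
    path = unquote(path).replace("\\", "/")
    return max(len(segment) for segment in path.split("/"))


class LongNameFinder(HTMLParser):
    """Collects (tag, attribute, length) for over-long file references."""

    def __init__(self, limit=MAX_NAME_LEN):
        super().__init__()
        self.limit = limit
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                length = longest_component(value)
                if length > self.limit:
                    self.findings.append((tag, name, length))


def scan_html(page, limit=MAX_NAME_LEN):
    finder = LongNameFinder(limit)
    finder.feed(page)
    finder.close()
    return finder.findings


# Constructed sample page: one ordinary link and two over-long file references.
SAMPLE_PAGE = (
    '<html><body>'
    '<a href="http://www.example.com/docs/index.html">ok</a>'
    '<img src="file://fileserver.example/share/' + "A" * 400 + '.gif">'
    '<a href="\\\\fileserver.example\\share\\' + "%41" * 300 + '">x</a>'
    '</body></html>'
)

if __name__ == "__main__":
    for tag, attr, length in scan_html(SAMPLE_PAGE):
        print(f"block page: <{tag} {attr}> has a {length}-character name component")
```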