Full Disclosure mailing list archives

Re: [SCSA-005] Proxomitron Naoko Long Path Buffer Overflow/DoS

From: Knud Erik Højgaard <kain () ircop dk>
Date: Wed, 20 Feb 2002 00:13:24 +0100

Grégory Le Bras | Security Corporation wrote:

.: Proxomitron Naoko Long Path Buffer Overflow/DoS :.
________________________________________________________________________

Security Corporation Security Advisory [SCSA-005]
________________________________________________________________________


[snip]

Sending a parameter with a buffer of 1024 bytes in length or more,
causes Proxomitron Naoko to crash.

This vulnerability can be easily exploited to execute code.

Exploitation example :

c:\Proxomitron>proxomitron AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

[snip A's]

AAAAAAAAAAAAAAAAAAAA


Could you perhaps provide a real-world example where this might be used to
gain additional privileges? I fail to see the useful bit in this
vulnerability.

--
Knud

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

[SCSA-005] Proxomitron Naoko Long Path Buffer Overflow/DoS Grégory Le Bras | Security Corporation (Feb 19)
- Re: [SCSA-005] Proxomitron Naoko Long Path Buffer Overflow/DoS Knud Erik Højgaard (Feb 19)