Full Disclosure mailing list archives
About eMule web server "Buffer Overflow" discovered vulnerability
From: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh () nsrg-security com>
Date: Fri, 24 Oct 2003 16:12:59 +0200
Hi again, Umm , i've read in the website of my friend , 3APA3A , ( security.nnov.ru ) a person discovered a supposed "Buffer Overflow" in the eMule webserver used for remote administration. It is not a Buffer Overflow , you don't corrupt the stack and then insert data to gain shell access or similar and definately it is not a non-remote exploitable buffer oveflow, it is only a typical Denial of Service attack against an incorrect data handler with the only protection of the user side. So , if you read one of my past advisories you can see my advisory about Sambar Server search.pl Buffer Overflow, it was wrong too xD , i was confused but long time passed since that advisory. Its common to confuse the DoS attacks and Buffer Overflows. NOTE: the search.pl script of sambar had the same problem , an incorrect input data handler that allowed to make DoS attacks against the sambar webserver and the perl executable ( i wrote Buffer Overflow due to this , i didn't know if the perl executable could allow to corrupt the stack or similar ), so it was only a DoS , simple and easy. Best regards to all, PS: can somebody tell me about the l0l experssion ? is it laughting on the loud ? xD a stupid question i know ! ------------------------------- 0x00->Lorenzo Hernandez Garcia-Hierro 0x01->/* not csh but sh */ 0x02->$ PATH=pretending!/usr/ucb/which sense 0x03-> no sense in pretending! __________________________________ PGP: Keyfingerprint 4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B ID: 0x91805F5B ********************************** No Secure Root Group Security Research Team http://www.nsrg-security.com ______________________ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- About eMule web server "Buffer Overflow" discovered vulnerability Lorenzo Hernandez Garcia-Hierro (Oct 24)
- <Possible follow-ups>
- Re: About eMule web server "Buffer Overflow" discovered vulnerability Lorenzo Hernandez Garcia-Hierro (Oct 24)