Full Disclosure mailing list archives
Re: H9-0001 Advisory: Sphiro HTTPD remote heap overflow (Rosiello Security)
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Fri, 30 Apr 2004 19:49:54 +0400
Dear Slotto Corleone,

--Friday, April 30, 2004, 3:43:15 AM, you wrote to full-disclosure () lists netsys com:

SC> - sphiro/libhttp/http_socks.c
SC> int get_request(int type,struct sockaddr_in client,int sc,SSL *s)
SC> ...
SC> char buffer[MAX_READ +1];
SC> char auth_buff[MAX_READ+1];
SC> char filename[128];
SC> ...
SC> ... <skipped>
SC> sprintf(filename,"%s%s",config->webroot,request); <-- oops

According to the information you provided, this is a stack overflow, not heap. And in this very case it looks not to be exploitable, because behind filename boundaries sprintf() overwrites the beginning of auth_buf. Of course I may be wrong; a full analysis of the source code is required to make a conclusion.

--
~/ZARAZA
Even if you do receive some letter, you still will not be able to read it. (Twain)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
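
An added example, not part of the original message and not code from Sphiro HTTPD: a bounded replacement for the quoted sprintf() call that rejects an over-long request instead of writing past filename[128]. The helper name build_filename, the webroot "/var/www" and the sample request are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FILENAME_LEN 128   /* same size as filename[] in the quoted code */

/* Hypothetical helper replacing
 *     sprintf(filename, "%s%s", config->webroot, request);
 * Returns 0 on success, -1 if webroot+request does not fit in dst.
 * On failure dst is emptied so a truncated path is never used. */
int build_filename(char *dst, size_t dstlen,
                   const char *webroot, const char *request)
{
    int n;

    if (dst == NULL || dstlen == 0 || webroot == NULL || request == NULL)
        return -1;

    /* snprintf() writes at most dstlen bytes including the NUL and
     * returns the length the full string would have had. */
    n = snprintf(dst, dstlen, "%s%s", webroot, request);
    if (n < 0 || (size_t)n >= dstlen) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Constructed demo: a 299-byte request next to a guard buffer that stands
 * in for the neighbouring local array. Returns 1 when the request is
 * rejected and the guard bytes are untouched. */
int demo_oversized_request(void)
{
    struct { char filename[FILENAME_LEN]; char guard[8]; } frame;
    char request[300];
    int rc;

    memset(request, 'A', sizeof(request) - 1);
    request[0] = '/';
    request[sizeof(request) - 1] = '\0';
    memcpy(frame.guard, "GUARD!!", 8);

    rc = build_filename(frame.filename, sizeof(frame.filename),
                        "/var/www", request);
    return rc == -1 && frame.filename[0] == '\0' &&
           memcmp(frame.guard, "GUARD!!", 8) == 0;
}
```

A caller would answer a -1 return with an HTTP error rather than opening the file.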