Vulnerability Development mailing list archives

Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions.

From: dufresne () WINTERNET COM (Ron DuFresne)
Date: Fri, 21 Apr 2000 21:12:47 -0500


On Fri, 21 Apr 2000, Bob Fiero wrote:

I attempted to test this on two systems and could not produce any problems
at all handling the file created with the batch file command supplied. I am
running Win98 Lite (Internet Explorer and Outlook stripped out, with the
Win95 explore.exe as the shell for increased security, reliability, and
performance).

I use Eudora, which you claim will crash if you attach this file to a
message. Can you send me an example, and I'll let you know what if anything
happens?


Your having stripped Internet Explorer and/or dropping in Win95
explore.exe might well be what has caused ths to not function on your end.

Course, my interest is in what you did to strip out Internet Explorer, it
was my understanding that doing so broked much of the OS....

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

Current thread:

No-Exec Stack Smashing 101 Granquist, Lamont (Apr 19)
- Re: No-Exec Stack Smashing 101 Crispin Cowan (Apr 19)
  - Re: No-Exec Stack Smashing 101 M.C.Mar (Apr 20)
    - Re: No-Exec Stack Smashing 101 M.C.Mar (Apr 20)
    - Re: No-Exec Stack Smashing 101 Granquist, Lamont (Apr 20)
    - Re: No-Exec Stack Smashing 101 M.C.Mar (Apr 20)
    - Re: No-Exec Stack Smashing 101 Granquist, Lamont (Apr 20)
    - Re: No-Exec Stack Smashing 101 Mariusz Woloszyn (Apr 21)
    - Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions. Zoa_Chien (Apr 21)
    - Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions. Bob Fiero (Apr 21)
    - Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions. Ron DuFresne (Apr 21)
    - Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions. Zoa_Chien (Apr 21)
    - Re: Securax Security Advisory: Windows98 contains a seriousbuffer overflow with long filenameextensions. Markus Kern (Apr 22)
    - Re: Securax Security Advisory: Windows98 contains a seriousbuffer overflow with long filenameextensions. Zoa_Chien (Apr 23)
    - koules again Kotz (Apr 21)
    - Re: koules again Ron DuFresne (Apr 21)
    - Re: No-Exec Stack Smashing 101 Granquist, Lamont (Apr 25)
    - Re: No-Exec Stack Smashing 101 M.C.Mar (Apr 26)
    - limited functionality accounts (was: Re: History Files) Alex Andrews (Apr 25)
    - Re: limited functionality accounts (was: Re: History Files) Rob Kouwenberg (Apr 28)
    - Re: No-Exec Stack Smashing 101 Granquist, Lamont (Apr 26)

(Thread continues...)