Vulnerability Development mailing list archives

Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions.

From: zoa_chien () INAME COM (Zoa_Chien)
Date: Sat, 22 Apr 2000 08:53:02 +0200


At 19:28 21/04/00 -0400, you wrote:

I attempted to test this on two systems and could not produce any problems
at all handling the file created with the batch file command supplied. I am
running Win98 Lite (Internet Explorer and Outlook stripped out, with the
Win95 explore.exe as the shell for increased security, reliability, and
performance).

I use Eudora, which you claim will crash if you attach this file to a
message. Can you send me an example, and I'll let you know what if anything
happens?


If you want to make Eudora Pro crash (4.2.0.58), you need to use an even
much longer filename then the ones in the .bat file.
just adapt the filename in the .bat (you can replace the ALT-0160 chars in
the beginning of the file with a normal ascii value, that won't change much).

I sent you the file, i hope you still will be able to reply afterwards.
On my pc, i have to manually edit in.mbx and delete all aaaaa's in it, and
also remove the \spools\ directory before Eudora starts working again.

Oh, remember not to create those filenames on your desktop... (i haven't
tested this yet, but this could cause some problems.)

Bye...

Current thread:

Re: No-Exec Stack Smashing 101, (continued)
- Re: No-Exec Stack Smashing 101 Crispin Cowan (Apr 19)
  - Re: No-Exec Stack Smashing 101 M.C.Mar (Apr 20)
    - Re: No-Exec Stack Smashing 101 M.C.Mar (Apr 20)
    - Re: No-Exec Stack Smashing 101 Granquist, Lamont (Apr 20)
    - Re: No-Exec Stack Smashing 101 M.C.Mar (Apr 20)
    - Re: No-Exec Stack Smashing 101 Granquist, Lamont (Apr 20)
    - Re: No-Exec Stack Smashing 101 Mariusz Woloszyn (Apr 21)
    - Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions. Zoa_Chien (Apr 21)
    - Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions. Bob Fiero (Apr 21)
    - Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions. Ron DuFresne (Apr 21)
    - Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions. Zoa_Chien (Apr 21)
    - Re: Securax Security Advisory: Windows98 contains a seriousbuffer overflow with long filenameextensions. Markus Kern (Apr 22)
    - Re: Securax Security Advisory: Windows98 contains a seriousbuffer overflow with long filenameextensions. Zoa_Chien (Apr 23)
    - koules again Kotz (Apr 21)
    - Re: koules again Ron DuFresne (Apr 21)
    - Re: No-Exec Stack Smashing 101 Granquist, Lamont (Apr 25)
    - Re: No-Exec Stack Smashing 101 M.C.Mar (Apr 26)
    - limited functionality accounts (was: Re: History Files) Alex Andrews (Apr 25)
    - Re: limited functionality accounts (was: Re: History Files) Rob Kouwenberg (Apr 28)
    - Re: No-Exec Stack Smashing 101 Granquist, Lamont (Apr 26)
    - long file names in explorer.exe kj (Apr 26)

(Thread continues...)