Vulnerability Development mailing list archives
Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions.
From: john () THREEBS COM (John Swensson)
Date: Sat, 22 Apr 2000 13:29:13 -0700
I have tested this on Win2000, and failed to reproduce any problems. I was using the server not the workstation, but that should not make a difference. However I was not able to open the file with notepad or wordpad, even after adding a .txt to the end of the file name. I'm guessing this is just a limitation of notepad and wordpad.

On Sun, 23 Apr 2000, Thomas Dullien wrote:

> On Sat, 22 Apr 2000 09:02:35 -0500, Ron DuFresne wrote:
>
> > Bob, Thanks for the info. Just what I was asking about fer sure. And then it seems that EI is not the sole culprit in this little nasty. Has anyone looked to see if this works on NT and or 2000?
>
> Under my NT configuration I cannot reproduce any problems :) As 2k is basically NT on DirectX I _assume_ this shouldn't produce any problems either. I have had a short look at the capability of exploiting the long filenames under 98 in the explorer. In my case, a single click will already be enough to kill it, but I assume this could vary on 95. Exploiting is gonna be a bitch as no registers point to our buffers. If you walk the stack upwards you can under certain circumstances find a pointer into the extension at ESP+0x1CC or ESP+0x1EC or the like, this could already provide us with the pointer we need. I will look at it on Monday. Anyone wanna do a joint disassembly/analysis of the problem?
>
> Thomas Dullien
> dullien () gmx de
> Win32 Security Consultant ;-> Hire me !