Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Administrivia #5218

From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Fri, 21 Jan 2000 21:29:25 -0800

Ok, gotta kill the snprintf thread.  I'll be dropping the rest of those
posts unless there's something particular interesting.  If someone has
a pointer to a list of broken libs/OSes containing a bad snprintf, I'll
post that.  I'd also be curious to see a package or two that tires
to be careful and use snprintf, but fails for some interesting reason.

As for the last call for packages to break:

I've had a vote for Exchange/MS SMTP.  I'd be happy to run that one,
but that's going to be a little more difficult than average for
most folks to get to play with.  If someone wants to volunteer
an Exchange server (their own!), that would work.

It would also be useful IMHO to poke at a Windows firewall or
two, perhaps BlackICE or something else.  Something folks can
download a free demo version of.

(We've been neglecting our Windows users.)

I'm told there's an overflow in this package:

http://www.capsi.com/src/bigbrotherwebstats/

I'm told there are unpublished exploits for this package:

http://www.nswc.navy.mil/ISSEC/CID/

Finally, I agree that ICQ could use some looking at.  Obviously,
there IS a problem, as discussed on Bugtraq.  By design, Bugtraq
doesn't allow for a lot of discussion, which we can do here.  I
consider things like ICQ and AIM and MS Chat particularly nasty, as
they find their way out from behind firewalls so well, and constitute
a server on your inside clients.

                                                BB
Previous By Date Next
Previous By Thread Next

Current thread: