Vulnerability Development mailing list archives

Re: BitchX /ignore bug


From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Fri, 7 Jul 2000 16:11:25 +0200


Steve Mosher wrote:

        I'm willing to bet that code written by those who write script-kid
exploits is probably of the most secure around.

Hehe, no, sorry to disappoint you. It isn't. They are quick, dirty
hacks that do everything from "plain not work" to do buffer overruns
and printf exploits on themselves.

I picked apart ping of death v2 half a year ago and wheeeee were
there some fun things in it. The most interesting one was where
the "send mangled IP buffer" piece did a buffer overrun on itself
and shuffled lots of its stack data across the internet, including
the EIP and lots of other interesting stuff :-)

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 29 92 00         Direct: +46 (0)660 29 92 05
Mobile: +46 (0)70 66 77 636        Fax: +46 (0)660 122 50
WWW: http://www.enternet.se/       E-mail: mikael.olsson () enternet se


