Vulnerability Development mailing list archives

Re: Neotrace v2.12a Buffer Overflow [?]


From: Erik Tayler <nine () 14X NET>
Date: Fri, 1 Sep 2000 12:06:00 -0500

The person that sent this to me said they just pressed 'Trace'. I
understand that there is nothing to gain from this; I was just relaying a
question for someone :).

Erik Tayler

eEye Digital Security wrote:

I could be reading this wrong but... Are you saying that you entered a
really long string into the Neotrace IP address box and then clicked "Trace"
or whatever and it overflowed? If that is the case then there is nothing
really to gain because you can't elevate any privileges (Win9x, but even if
it was NT you're running as your own user) and this wouldn't be a remote hole
so all in all there is nothing to gain. Then again you could have meant
something like spoofing a return to the trace routing IP or something.

Signed,
Marc Maiffret
Chief Hacking Officer
eCompany / eEye
T.949.349.9062
F.949.349.9538
http://eEye.com

| -----Original Message-----
| From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of Erik
| Tayler
| Sent: Thursday, August 31, 2000 10:14 PM
| To: VULN-DEV () SECURITYFOCUS COM
| Subject: Neotrace v2.12a Buffer Overflow [?]
|
|
| Someone sent this to us, wondering if there could be further exploitation of
| this buffer overflow. Since I am not an overflow guru, I decided to forward
| it to vuln-dev. Program error was caused after an extremely long string of
| [any character]. Also, the program doesn't do any checking to see if you are
| entering an IP address [valid or not] or domain name. We will let you buffer
| overflow gurus draw up conclusions about this, but in my opinion, it isn't a
| significant vulnerability. Neotrace [2.12a] was running on Windows 98SE when
| this occurred [to the best of my knowledge].
|
| NEOTRACE caused an invalid page fault in
| module <unknown> at 0000:41092626.
| Registers:
| EAX=00000000 CS=0167 EIP=41092626 EFLGS=00010206
| EBX=00000000 SS=016f ESP=0071f410 EBP=00ae96e0
| ECX=cfb1caf0 DS=016f ESI=00431c8c FS=13b7
| EDX=00000000 ES=016f EDI=00ae8b50 GS=0000
| Bytes at CS:EIP:
|
| Stack dump:
| 352b746c 00ae9600 0071f674 00000001 546f654e 65636172 7777203a 34312e77
| 656e2e78 26262674 26262626 26262626 26262626 26262626 26262626 26262626
|
| ______________________
| Erik Tayler
| 14x Network Security
| http://www.14x.net
|

