Vulnerability Development mailing list archives
Re: Neotrace v2.12a Buffer Overflow [?] (fwd)
From: Jonathan Rickman <jonathan () XCORPS NET>
Date: Fri, 1 Sep 2000 21:04:02 -0400
Someone sent this to us, wondering if there could be further exploitation of this buffer overflow. Since I am not an overflow guru, I decided to forward it to vuln-dev. Program error was caused after an extremely long string of [any character]. Also, the program doesn't do any checking to see if you are entering an IP address [valid or not] or domain name. We will let you buffer overflow gurus draw up conclusions about this, but in my opinion, it isn't a significant vulnerability. Neotrace [2.12a] was running on Windows 98SE when this occurred [to the best of my knowledge].

NEOTRACE caused an invalid page fault in
module <unknown> at 0000:41092626.
Registers:
EAX=00000000 CS=0167 EIP=41092626 EFLGS=00010206
EBX=00000000 SS=016f ESP=0071f410 EBP=00ae96e0
ECX=cfb1caf0 DS=016f ESI=00431c8c FS=13b7
EDX=00000000 ES=016f EDI=00ae8b50 GS=0000
Bytes at CS:EIP:
------------------------------------

On Windows 2000 Pro / Neotrace 2.10:

After about 3 minutes with a penny jammed between random keys to make long strings, I get the following:

The instruction at "0x41097979" referenced memory at "0x41097979". The memory could not be read.

No other useful info though...just confirms it happened on 2.10 as well. I don't think it's significant either, but I figure the info might be useful to someone.

---------------------
Jonathan Rickman
X-Corps Security
http://www.xcorps.net
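
An added example, not part of the original posts and not NeoTrace's code: one way a trace tool could validate and bound the target field before copying it, the check the forwarded report says the program lacked. The function names, the 253/63-character DNS limits and the rejection of a trailing dot are assumptions of this example.

```c
#include <ctype.h>
#include <string.h>
#define MAX_HOST_LEN  253  /* assumed cap: longest DNS name in text form */
#define MAX_LABEL_LEN 63   /* assumed cap: longest single DNS label */

/* Dotted-quad IPv4: exactly four decimal octets, each 0-255. */
static int is_ipv4(const char *s)
{
    int octets = 0;
    while (*s) {
        int val = 0, digits = 0;
        while (isdigit((unsigned char)*s)) {
            val = val * 10 + (*s++ - '0');
            if (++digits > 3 || val > 255) return 0;
        }
        if (digits == 0 || ++octets > 4) return 0;
        if (*s == '.') { if (*++s == '\0') return 0; }  /* no trailing dot */
        else if (*s != '\0') return 0;
    }
    return octets == 4;
}

/* Hostname: labels of 1-63 letters, digits or '-', never starting or ending in '-'. */
static int is_hostname(const char *s, size_t len)
{
    size_t label = 0;  /* length of the label being scanned */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.') {
            if (label == 0 || s[i - 1] == '-') return 0;
            label = 0;
        } else if (isalnum(c) || c == '-') {
            if ((c == '-' && label == 0) || ++label > MAX_LABEL_LEN) return 0;
        } else return 0;
    }
    return label > 0 && s[len - 1] != '-';
}

/* Validates input, then copies it into dst. Returns 0 on success, -1 if rejected. */
int copy_trace_target(char *dst, size_t dst_size, const char *input)
{
    size_t len = 0;
    while (len <= MAX_HOST_LEN && input[len] != '\0') len++;  /* bounded scan */
    if (len == 0 || len > MAX_HOST_LEN || len >= dst_size) return -1;
    int numeric = strspn(input, "0123456789.") == len;  /* digits and dots only */
    if (!(numeric ? is_ipv4(input) : is_hostname(input, len))) return -1;
    memcpy(dst, input, len + 1);  /* safe: len < dst_size was checked above */
    return 0;
}
```

An input made only of digits and dots must parse as IPv4, so strings like `999.1.1.1` are rejected instead of being passed on as hostnames.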