Re: Neotrace v2.12a Buffer Overflow [?] (fwd)

[Jonathan Rickman <jonathan () XCORPS NET>]

> Someone sent this to us, wondering if there could be further exploitation
> of this buffer overflow. Since I am not an overflow guru, I decided to
> forward it to vuln-dev. Program error was caused after an extremely long
> string of [any character]. Also, the program doesn't do any checking to
> see if you are entering an IP address [valid or not] or domain name. We
> will let you buffer overflow gurus draw up conclusions about this, but in
> my opinion, it isn't a significant vulnerability. Neotrace [2.12a] was
> running on Windows 98SE when this occurred [the the best of my
> knowledge].

> NEOTRACE caused an invalid page fault in
> module <unknown> at 0000:41092626.
> Registers:
> EAX=00000000 CS=0167 EIP=41092626 EFLGS=00010206
> EBX=00000000 SS=016f ESP=0071f410 EBP=00ae96e0
> ECX=cfb1caf0 DS=016f ESI=00431c8c FS=13b7
> EDX=00000000 ES=016f EDI=00ae8b50 GS=0000
> Bytes at CS:EIP:


------------------------------------
On Windows 2000 Pro / Neotrace 2.10:

After about 3 minutes with a penny jammed between random keys to make long
strings, I get the following:

The instruction at "0x41097979" referenced memory at "0x41097979". The
memory could not be read.

No other useful info though...just confirms it happened on 2.10 as well.
I don't think it's significant either, but I figure the info might be
useful to someone.

---------------------
Jonathan Rickman
X-Corps Security
http://www.xcorps.net