Vulnerability Development mailing list archives
Re: Yahoo pager
From: dis <dis () dislocated net>
Date: Fri, 1 Sep 2000 02:07:42 +0000
Blake Frantz wrote:

The first few times I tried to crash YM I used random characters until YM prevented me from entering more. When I was figuring the buffer limit I used "a"'s, I don't think the character makes a difference.

Version 3, 0, 0, 768 (which I run) has a character limit of 800 characters. You simply can't type in (or paste in) any more than that.

Sean Whipkey

I certainly hope it's not relying on the client alone to keep larger URLs from being sent, and that the good people (ha) at Yahoo! actually fixed the buffer overflow. Could this overflow be triggered remotely? Could someone with a modified client send a longer URL with shellcode conveniently located and 0wn anyone they wanted? I (and anyone else who was paying attention) noticed EIP was overwritten.. if i really knew what i was doing (which i can pretend to), i'd look into this myself.

-dis
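
The concern raised in the message above, that an input limit in the sending client's UI protects nobody on the receiving end, shown as an added example (not part of the original post and not Yahoo's code): a receive-side handler that enforces its own bound on a URL field. The 800-character figure is the one quoted in the thread; the function names, the field layout and the constructed inputs are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Limit quoted in the thread for the sending client's input box. */
#define URL_MAX 800

enum url_status { URL_OK = 0, URL_TOO_LONG = -1, URL_BAD_BYTE = -2, URL_BAD_ARG = -3 };

/* Hypothetical receive-side handler: copies a URL field of `len` bytes from
 * the network into `dst` (capacity `dst_cap`, NUL included). The bound is
 * enforced here because a modified sender ignores its own UI limit. */
enum url_status copy_url_field(char *dst, size_t dst_cap,
                               const unsigned char *field, size_t len)
{
    size_t i;

    if (dst == NULL || field == NULL || dst_cap == 0)
        return URL_BAD_ARG;
    dst[0] = '\0';

    /* Reject rather than truncate: a silently cut URL is a different URL. */
    if (len > URL_MAX || len >= dst_cap)
        return URL_TOO_LONG;

    /* Accept printable ASCII only; NUL and control bytes are refused. */
    for (i = 0; i < len; i++)
        if (field[i] < 0x20 || field[i] > 0x7e)
            return URL_BAD_BYTE;

    memcpy(dst, field, len);
    dst[len] = '\0';
    return URL_OK;
}

/* Constructed input (not real traffic): a field of `n` bytes of 'a'. */
enum url_status check_with_length(size_t n)
{
    static unsigned char wire[4096];
    char url[URL_MAX + 1];

    if (n > sizeof wire)
        n = sizeof wire;
    memset(wire, 'a', n);
    return copy_url_field(url, sizeof url, wire, n);
}

int main(void)
{
    return check_with_length(800) == URL_OK && check_with_length(801) == URL_TOO_LONG ? 0 : 1;
}
```
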