Vulnerability Development mailing list archives

RE: TTP/1.0 Remote BufferOverflow?

From: Jim Stickley <jim () garrison com>
Date: Fri, 26 Apr 2002 08:28:17 -0700

Generally when a server returns an error like the one listed below it means
that it didn't buffer overflow.  In most cases if you overflow the buffer,
the connection will just drop.

From the looks of the error message below, the server didn't like what you

sent, but it seems to have handled it.

        -Jim

-----Original Message-----
From: Felipe Cerqueira [mailto:fcerqueira () bufferoverflow com br]
Sent: Thursday, April 25, 2002 8:59 PM
To: vuln-dev () security-focus com
Subject: TTP/1.0 Remote BufferOverflow?



TTP is a httpd server for HP Print Server

Check this out:

HEAD / HTTP/1.0

HTTP/1.0 200 OK
Server:HTTP/1.0
Content-Type:text/html

.. .

GET A*lot+of+bytes HTTP/1.0
<\n\n>

 500 Internal Server Error

<HEAD><TITLE>500 Internal Server Error</TITLE></END>
<BODY><H1>500 Internal Server Error</H1></BODY>Connection closed by
foreign host

someone can verify it?
thankz


- --
sky

7218 2AFF 6166 9692 8BAA
ACA3 64E9 3941 B6E7 88E7

Current thread:

TTP/1.0 Remote BufferOverflow? Felipe Cerqueira (Apr 26)
- <Possible follow-ups>
- TTP/1.0 Remote BufferOverflow? Felipe Cerqueira (Apr 26)
- RE: TTP/1.0 Remote BufferOverflow? Jim Stickley (Apr 26)