Vulnerability Development mailing list archives

Re: efax

From: "s1gnal_9 " <s1gnal_9 () sunos com>
Date: Thu, 17 Jan 2002 13:10:15 +0800

More info about the overflow...

Straight from efax src.

<--snip--->
#define EFAX_PATH_MAX 1024
<--/snip--->

<--snip--->
char *p , buf [ EFAX_PATH_MAX ] = "" ;
<--/snip--->

<--snip--->
sprintf ( buf , "%.*sTMP..%05d" , dirlen , fname , (int) pid ) ;
<--/snip--->
the sprinf above causes the overflow..
-- 
_______________________________________________
Get your free email from http://sunos.com
Powered by Instant Portal

Current thread:

efax H D Moore (Jan 15)
- Re: efax Bernhard Rosenkraenzer (Jan 15)
  - Re: efax H D Moore (Jan 15)
    - Re: efax Blue Boar (Jan 15)
    - Re: efax H D Moore (Jan 16)
    - Re: efax KF (Jan 16)
    - Re: efax sysop (Jan 16)
- <Possible follow-ups>
- Re: efax H D Moore (Jan 16)
- Re: efax s1gnal_9 (Jan 16)
  - Re: efax - Exploitation info KF (Jan 17)