Vulnerability Development mailing list archives

Re: Administrivia: List Announcement

From: Valdis.Kletnieks () vt edu
Date: Thu, 15 May 2003 02:52:03 -0400

On Tue, 13 May 2003 15:11:05 EDT, Bernie Cosell <bernie () fantasyfarm com>  said:

that's clearly off by one and so the loop will run at least one char past 
the end of buf1, clobbering one byte beyond the end of the chunk of space 
that got malloc'ed for buf1.

What harm that causes is hard to evaluate, though, isn't it?  Doesn't it 
depend a lot on how a particular C compiler lays things out and how the 
libraries (in particular, malloc) work and what else the program has been 
doing?


Amazingly enough, the hole in XNTPD a while back was just this - a one byte
overflow.  It was possible to leverage that into a complete remote exploit.

Attachment: _bin
Description:

Current thread:

Administrivia: List Announcement Dave McKinney (May 13)
- Re: Administrivia: List Announcement David Riley (May 13)
  - Re: Administrivia: List Announcement Benjamin A. Okopnik (May 13)
    - Re: Administrivia: List Announcement Edinelson Keiji Shimokawa (May 14)
- Re: Administrivia: List Announcement Brian Hatch (May 13)
  - Re: Administrivia: List Announcement Wojciech Purczynski (May 14)
  - Re: Administrivia: List Announcement Luciano Miguel Ferreira Rocha (May 14)
- vulndev-1.c challenge (was Re: Administrivia: List Announcement) Bennett Todd (May 13)
- Re: Administrivia: List Announcement Bernie Cosell (May 13)
  - Re: Administrivia: List Announcement Valdis . Kletnieks (May 15)
- partial analysis of vulndev-1.c David R. Piegdon (May 13)
  - Re: partial analysis of vulndev-1.c Dana Epp (May 13)
  - Re: partial analysis of vulndev-1.c master of chaos - lord of mean (May 13)
    - RE: partial analysis of vulndev-1.c David Schwartz (May 13)
    - Re: partial analysis of vulndev-1.c Nexus (May 14)
    - Re: partial analysis of vulndev-1.c andrewg (May 13)
- Re: Administrivia: List Announcement Mr. Rufus Faloofus (May 13)
- RE: Administrivia: List Announcement Cameron Brown (May 13)
  - RE: Administrivia: List Announcement Shafik Yaghmour (May 13)
    - RE: Administrivia: List Announcement Cameron Brown (May 13)

(Thread continues...)