| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 12 May 2003 09:57:58 -0000 From: subj <r2subj3ct@...lan.org> To: bugtraq@...urityfocus.com Subject: [Drug and Zip] Buffer Overflow ==================================== - > Product: Drag and Zip - > Version: 3.0 - > Offsite: http://www.canyonsw.com - > Authors: Canyon Software - > Problem: Buffer Overflow ==================================== ** General Description ** The vulnerability found by me in this product, does not represent the big danger but to describe and declare it(her) all the same I has found necessary. Overflow of the buffer, occurs because of very big name of a file which we try to pack. If it is long a file exceeds 255 symbols, the window with the message on overflow drops out. As well as it is necessary to expect, the program falls, in result and not having packed a file. ** Exploit ** Zip Filename: AAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAA or Zip filename: 256 Symbols of any dust ** Solution ** What decision erasing this problem independently, without intervention of authors of the program, me it was found not. ** Note ** At overflow values eax and edx so in given by a case introduction of an any code can be possible vary. ** Contacts ** r2subj3ct@...lan.org subj@...swd.cc www,dwcgr0up.com | www.dwcgr0up.com/subj/ irc.irochka.net *dwc *phreack *global *dhg ** Greeting ** J0k3r, D4rkGr3y, DethSpirit, r4ShRaY, Kabuto, fnq, agenox, L0vCh1Y, DiZHarM, cybeast, Foster, Moby, ORB, MORPFEY, drG4njubas 3APA3A, DHG, Gipshack, BlackTigerz, rsteam, p0is0n, Security.nno.ru HNCrew. And all who i know...
Powered by blists - more mailing lists