| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <000001c328e1$d4ccf3a0$0100a8c0@grotedoos> Date: Mon, 2 Jun 2003 09:40:22 +0200 From: "Berend-Jan Wever" <SkyLined@...p.tudelft.nl> To: "D4rkGr3y" <grey_1999@...l.ru>, <bugtraq@...urity.nnov.ru>, <bugtraq@...urityfocus.com> Subject: Re: Tornado www-server v1.2: directory traversal, buffer overflow I've done a quick debugging session: The overflow does not seem exploitable other then a DoS. What happens is that there is not enough heap to hold the long strings so it writes past the heap to a location where no memory is allocated. This will cause an unhandled exception. Kind regards, Berend-Jan Wever. ----- Original Message ----- From: "D4rkGr3y" <grey_1999@...l.ru> To: <bugtraq@...urity.nnov.ru>; <bugtraq@...urityfocus.com> Sent: Friday, May 30, 2003 1:09 Subject: Tornado www-server v1.2: directory traversal, buffer overflow <snip> > This server is one BiG problem. IMHO is most dangerous server. > Main bug in DNA ;D Attacker may see any files in system (but > only if he know path and filename), may crash server (and exec > malicious code) by sending long http request. Examples: > > www.server.com/../existing_file <-file be showed > > www.server.com/aa[more than 471 chars] > | | > #--------------------------------------------------------------# > | Exploit: | > ~~~~~~~~ > > Naah, its not interesting. Lets authors code something better. <snip>
Powered by blists - more mailing lists