Date: Wed, 24 Mar 2004 17:58:58 +0000
From: Luigi Auriemma <aluigi@...ervista.org>
To: bugtraq@...urityfocus.com, bugs@...uritytracker.com, news@...uriteam.com, full-disclosure@...ts.netsys.com
Subject: Buffer overflow in PicoPhone 1.63

#######################################################################

                             Luigi Auriemma

Application:  Picophone
              http://www.vitez.it/picophone/
Versions:     <= 1.63
Platforms:    Windows
Bug:          buffer overflow in the logging function
Risk:         high
Exploitation: remote
Date:         24 Mar 2004
Author:       Luigi Auriemma
              e-mail: aluigi@...ervista.org
              web:    http://aluigi.altervista.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

PicoPhone is an Internet phone application with chat written by Marko
Vitez (http://www.vitez.it).

#######################################################################

======
2) Bug
======

PicoPhone has a logging function, enabled by default, that lets users
log any incoming call and message.
This function is vulnerable to a buffer overflow that lets an attacker
take control of the PicoPhone server.

#######################################################################

===========
3) The Code
===========

http://aluigi.altervista.org/poc/picobof.zip

#######################################################################

======
4) Fix
======

Version 1.64

#######################################################################

---
Luigi Auriemma
http://aluigi.altervista.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html