| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: lorenzohgh at nsrg-security.com (Lorenzo Hernandez Garcia-Hierro) Subject: About eMule web server "Buffer Overflow" discovered vulnerability Hi again, Umm , i've read in the website of my friend , 3APA3A , ( security.nnov.ru ) a person discovered a supposed "Buffer Overflow" in the eMule webserver used for remote administration. It is not a Buffer Overflow , you don't corrupt the stack and then insert data to gain shell access or similar and definately it is not a non-remote exploitable buffer oveflow, it is only a typical Denial of Service attack against an incorrect data handler with the only protection of the user side. So , if you read one of my past advisories you can see my advisory about Sambar Server search.pl Buffer Overflow, it was wrong too xD , i was confused but long time passed since that advisory. Its common to confuse the DoS attacks and Buffer Overflows. NOTE: the search.pl script of sambar had the same problem , an incorrect input data handler that allowed to make DoS attacks against the sambar webserver and the perl executable ( i wrote Buffer Overflow due to this , i didn't know if the perl executable could allow to corrupt the stack or similar ), so it was only a DoS , simple and easy. Best regards to all, PS: can somebody tell me about the l0l experssion ? is it laughting on the loud ? xD a stupid question i know ! ------------------------------- 0x00->Lorenzo Hernandez Garcia-Hierro 0x01->/* not csh but sh */ 0x02->$ PATH=pretending!/usr/ucb/which sense 0x03-> no sense in pretending! __________________________________ PGP: Keyfingerprint 4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B ID: 0x91805F5B ********************************** No Secure Root Group Security Research Team http://www.nsrg-security.com ______________________
Powered by blists - more mailing lists