lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040324175858.1e35bcbe.aluigi@altervista.org> From: aluigi at altervista.org (Luigi Auriemma) Subject: Buffer overflow in PicoPhone 1.63 ####################################################################### Luigi Auriemma Application: Picophone http://www.vitez.it/picophone/ Versions: <= 1.63 Platforms: Windows Bug: buffer overflow in the logging function Risk: high Exploitation: remote Date: 24 Mar 2004 Author: Luigi Auriemma e-mail: aluigi@...ervista.org web: http://aluigi.altervista.org ####################################################################### 1) Introduction 2) Bug 3) The Code 4) Fix ####################################################################### =============== 1) Introduction =============== PicoPhone is an Internet phone application with chat written by Marko Vitez (http://www.vitez.it). ####################################################################### ====== 2) Bug ====== PicoPhone has a logging function enabled by default letting users to log any incoming call and message. This function is vulnerable to a buffer-overflow letting an attacker to take control of the PicoPhone server. ####################################################################### =========== 3) The Code =========== http://aluigi.altervista.org/poc/picobof.zip ####################################################################### ====== 4) Fix ====== Version 1.64 ####################################################################### --- Luigi Auriemma http://aluigi.altervista.org
Powered by blists - more mailing lists