Date: Wed Jun  8 19:40:10 2005
From: Stephen.Blass at asu.edu (Stephen Blass)
Subject: Microsoft Windows and *nix Telnet Port NumberArgument Obfuscation

It is a buffer overflow of sorts when a fixed length integer (or real or
double) like the telnet port argument exceeds the expected range and
mods out to become equal to the remainder that is left when the highest
order bits that don't fit get thrown away.  In the telnet port case it
may not be a real 'vulnerability' but it is a reasonably good example of
unchecked arguments allowing for unexpected behavior.   In the telnet
port case the overly large port number has already been crammed into the
available bits by the time the code could check it anyway.  So how would
one teach telnet to throw away bogus port arguments that are too big
then?  What about with dotted quads whose parts exceed 255?  You might
use string arguments but then you have to watch for string overflows
which have plagued us for years and occasionally still do.

That you can connect to a mail host on port 25 by typing  telnet
mailhost 65561 is either interesting or unsettling depending on your
point of view.  In either case it is probably worth understanding if
you're the security guru on site or you write network code.

-
Steve
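
The questions in the message above (how to reject a port argument that is too big, and dotted-quad parts above 255) come down to range-checking the value in a wider type before it is narrowed. The following C sketch is an added example, not part of the original post and not taken from any telnet client; the function names are hypothetical, and `port_truncating` is an assumed model of the wrap-around the message describes.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed model of the behaviour described in the message: the argument is
 * converted and then stored in a 16-bit port field, so the high-order bits
 * that do not fit are thrown away. */
uint16_t port_truncating(const char *arg)
{
    return (uint16_t)strtoul(arg, NULL, 10);  /* 65561 % 65536 == 25 */
}

/* Convert into a long first and range-check there, before any narrowing.
 * Returns 0 on success, -1 when the argument is rejected. */
int parse_bounded(const char *arg, long lo, long hi, long *out)
{
    char *end;
    errno = 0;
    long v = strtol(arg, &end, 10);
    if (end == arg || *end != '\0') return -1;  /* empty or trailing junk */
    if (errno == ERANGE) return -1;             /* does not even fit a long */
    if (v < lo || v > hi) return -1;            /* outside the target field */
    *out = v;
    return 0;
}

int port_checked(const char *arg, uint16_t *port)
{
    long v;
    if (parse_bounded(arg, 1, 65535, &v) != 0) return -1;
    *port = (uint16_t)v;  /* safe: v is known to fit in 16 bits */
    return 0;
}

int octet_checked(const char *arg, uint8_t *octet)
{
    long v;
    if (parse_bounded(arg, 0, 255, &v) != 0) return -1;
    *octet = (uint8_t)v;  /* safe: v is known to fit in 8 bits */
    return 0;
}

int main(void)
{
    uint16_t p;
    printf("truncating: 65561 -> %u\n", (unsigned)port_truncating("65561"));
    printf("checked:    65561 -> %s\n",
           port_checked("65561", &p) ? "rejected" : "accepted");
    return 0;
}
```

The check works because `long` is at least 32 bits wide, so 65561 is still visible as 65561 at the point where it is compared against the 16-bit limit.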








-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Richard
John L Contractor 611 ACF/SCO
Sent: Wednesday, June 08, 2005 9:20 AM
To: 'Full Disclosure'
Subject: RE: [Full-disclosure] Microsoft Windows and *nix Telnet Port
NumberArgument Obfuscation

I agree with the individual below...some of us are still new to this
vulnerability thing (I for one) and appreciate lurking here and taking
it all in...as a matter of fact, I'd love to have the original poster,
re-post...I was talking to a few others who had no idea about this and
they'd love to see the article (which I'd deleted - for some reason???)

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk]On Behalf Of Arjan van
der Velde
Sent: Wednesday, June 08, 2005 00:05
To: 'Andrew Haninger'; nick@...us-l.demon.co.uk
Cc: 'Full Disclosure'
Subject: RE: [Full-disclosure] Microsoft Windows and *nix Telnet Port
NumberArgument Obfuscation


Hi,

I like reading posts in here to learn from. It would be good not to be
too hostile against people asking questions you already know the answer
for or even have known it for ages already. If I were to ask a question
I would like to be educated or at least pointed in the right direction.
Some replies really discourage people from asking.

- Arjan 


-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Andrew
Haninger
Sent: Wednesday, June 08, 2005 9:08
To: nick@...us-l.demon.co.uk
Cc: Full Disclosure
Subject: Re: [Full-disclosure] Microsoft Windows and *nix Telnet Port
NumberArgument Obfuscation

On 6/7/05, Nick FitzGerald <nick@...us-l.demon.co.uk> wrote:
> This has been known since Adam was a cowboy.
Well, this /is/ full-disclosure, no? Best to tell than to withhold.

And while I would hope that there aren't a rash of old-school
vulnerabilities blowing through the list, I, for one, was unaware that
you could specify telnet ports like that. I wouldn't be surprised if I'm
not alone. Now I'll know what's up if I ever see stuff like this.

Though it does worry me a bit that this came from a @cisco.com address.
Shouldn't they be kind of *YAWN* about all things networking?

--
Andy
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


