lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200512160859.50614.fdlist@digitaloffense.net>
Date: Fri Dec 16 15:00:19 2005
From: fdlist at digitaloffense.net (H D Moore)
Subject: iDEFENSE Security Advisory 12.06.05: Ipswitch

This may not be a limitation if you can use the argument-skipping syntax 
in msvcrt (ie. %4000$x).

-HD

On Friday 16 December 2005 08:32, FistFucker wrote:
>I don't think it's > exploitable because the user controlled string is
>many thousand bytes away from the stack pointer and you can only send 512
>bytes  to the SMTP daemon.
[snip]
> If someone was able to exploit this, I would be interested in exploit
> code or an explanation to learn from him.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ