| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <29289413.1198675497273.JavaMail.root@elwamui-lapwing.atl.sa.earthlink.net> Date: Wed, 26 Dec 2007 08:24:57 -0500 (GMT-05:00) From: Elazar Broad <elazarb@...thlink.net> To: Valdis.Kletnieks@...edu, reepex <reepex@...il.com> Cc: Elazar Broad <elazarb@...thlink.net>, full-disclosure@...ts.grok.org.uk Subject: Re: AOL YGP Picture Editor YGPPicEdit.dll Multiple Buffer Overflows Thanks for the clarification Vladis. To me the A's are kind of like the UV dye that they put in an AC system when looking for leaks... Elazar -----Original Message----- >From: Valdis.Kletnieks@...edu >Sent: Dec 26, 2007 1:28 AM >To: reepex <reepex@...il.com> >Cc: Elazar Broad <elazarb@...thlink.net>, full-disclosure@...ts.grok.org.uk >Subject: Re: [Full-disclosure] AOL YGP Picture Editor YGPPicEdit.dll Multiple Buffer Overflows > >On Tue, 25 Dec 2007 21:53:29 CST, reepex said: > >> How does a bunch of 'A's prove something is exploitable? > >If a bunch of A's causes the EIP to end up as x'41414141', it's 95% of the >way to being an exploit. If it gets you some *other* crash, it's probably >at least 30% to 40% of the way to an exploit. > >Go back and read the analysis of the NTP buffer overflow from a number of years >back. Truly a classic - they managed to leverage a *one byte* overflow into >a complete and total rooting of the box. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists