NOBO denial of service

From: Andrew J. Gavin (gavinaat_private)
Date: Thu Feb 04 1999 - 13:52:00 PST


    As reported by i-kranat_private approximately a week ago, nobo (a back
    orifice scanning detector) has a buffer overflow problem that will crash
    the program remotely.  Sending a UDP packet (larger than 1024 bytes) will
    give the error:
    
    A network error has ocurred: Message too long (10040-92)
    
    Sending 15 of these packets (the minimum required) will crash nobo (stack
    fault in kernel32.dll), with NOTHING recorded to the log file or to the
    screen.
    
    I tested this against nobo 1.2 from both Windows 98 and Linux, giving the
    same results.  Using 'assault' (included with the mIRC script "7th
    sphere", I believe) in Windows, for example, I was able to send 15 UDP
    packets at 1025 bytes in size, crashing my nobo.  In Linux, I was able to
    crash my nobo by echoing a string 1025 characters in length, piping it
    through nc (with the -u flag), and repeating 14 more times.
    
    I'm sure some nice scripts could be written to do this to a class C
    subnet.  The only drawback to this is that it would be rather
    bandwidth-intensive (15 x 1025 bytes x 255).
    
    ----------
    gavinaat_private
    k3nny or ChazeFroy on Efnet IRC
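
The failure reported above is a UDP listener that treats an oversized datagram as a fatal network error and records nothing. As an added example (not nobo's code and not from the original post), this is the receive-side handling a detector needs: oversized datagrams are logged and dropped and the listener keeps running. The 1024-byte limit is assumed from the post's threshold, and `receive_one` and `demo` are hypothetical names.

```python
import errno
import socket

MAX_PAYLOAD = 1024   # assumed limit, taken from the 1024-byte threshold in the post
WSAEMSGSIZE = 10040  # Winsock "Message too long", the code in the quoted error


def receive_one(sock, log):
    """Return ("ok", data) or ("oversize", None); never raise on an oversized datagram."""
    try:
        # Request one byte more than the limit: stacks that silently truncate
        # (Linux, BSD) then hand back MAX_PAYLOAD + 1 bytes for anything too big.
        data, addr = sock.recvfrom(MAX_PAYLOAD + 1)
    except OSError as exc:
        # Winsock raises instead of truncating when the datagram exceeds the buffer.
        code = getattr(exc, "winerror", None) or exc.errno
        if code not in (errno.EMSGSIZE, WSAEMSGSIZE):
            raise
        log.append("oversized datagram dropped (source unavailable)")
        return ("oversize", None)
    if len(data) > MAX_PAYLOAD:
        log.append("oversized datagram dropped from %s:%d" % addr)
        return ("oversize", None)
    return ("ok", data)


def demo():
    """Feed constructed datagrams over loopback; return (statuses, log)."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    log, statuses = [], []
    try:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2.0)
        for size in (16, 1024, 1025, 4000, 16):  # constructed sample sizes
            tx.sendto(b"A" * size, rx.getsockname())
            statuses.append(receive_one(rx, log)[0])
    finally:
        rx.close()
        tx.close()
    return statuses, log


if __name__ == "__main__":
    print(demo())
```

The final small datagram in the sample is still processed after two oversized ones, and each oversized datagram leaves a log entry, which is the record the post notes was missing.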
    


