Re: Mail-Max Remote Buffer Overflow Exploit

From: der Mouse (mouseat_private)
Date: Mon Feb 15 1999 - 22:05:02 PST

    > When putting code in the buffer to execute there are no major
    > restrictions on character set.  The only character I found to
    > interfere besides null was 17h (ret).
    
    It's not clear which character you're referring to here.
    
    RET is not one of the ASCII mnemonics.  You could plausibly be
    referring to CR, carriage return, or NL, newline (the latter also known
    as LF, line feed).  CR is octal 15, hex 0d, decimal 13, while NL is
    octal 12, hex 0a, decimal 10.
    
    17 hex is ETB.  17 octal is SI.  17 decimal is DC1.
    
    					der Mouse
    
    			       mouseat_private
    		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:35:09 PDT