Accept overflow on Netscape Enterprise Server 3.6 SP2

From: Nobuo Miwa (n-miwaat_private)
Date: Sun Sep 12 1999 - 08:17:46 PDT

    Hi,
    
    I found a vulnerability in "Enterprise 3.6 SP 2 SSL Handshake fix".
    I sent a malformed URL to the server and its service was dead.
    
    Its URL is as follows...
    
      GET / HTTP/1.0
      Accept: aaaaaaaaaaaaaa...2000byte/gif
    
    Of course, you must be able to execute small code you like with
    a "long Accept" command (just like the htr problem on IIS).
    
    I reported this to Netscape on 31st Aug. They've just
    finished making the patch (maybe SP3). It must be released soon.
    I'm gonna post this to BUGTRAQ after they release the patch, but
    someone posted it to some other mailing lists. So I decided
    to post it here today.
    
    Thanks,
    Nobuo Miwa(Moderator of BUGTRAQ-JP)
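
A defensive check for the request shape described in the post, as an added example that is not part of the original message and not Netscape's patch: a front-end filter that flags over-long header values before they reach the server. The function name and both limits are assumptions, and the sample requests are constructed.

```python
# Added example: flag over-long HTTP header values in a raw request head.
MAX_HEADER_VALUE = 1024   # assumed per-header limit, tune per deployment
MAX_HEAD_BYTES = 8192     # assumed limit for the whole request head


def oversized_headers(raw: bytes, limit: int = MAX_HEADER_VALUE):
    """Return [(header_name, value_length)] for header values longer than limit.

    Folded continuation lines (starting with space or tab) are counted as part
    of the header they continue, so splitting a value across lines does not
    hide its real size. Raises ValueError when the request head is
    unterminated, larger than MAX_HEAD_BYTES, or contains a malformed line.
    """
    end = raw.find(b"\r\n\r\n")
    if end == -1 or end > MAX_HEAD_BYTES:
        raise ValueError("request head unterminated or too large")
    lines = raw[:end].split(b"\r\n")[1:]    # skip the request line
    headers = []                            # [name, accumulated value]
    for line in lines:
        if line[:1] in (b" ", b"\t") and headers:
            headers[-1][1] += b" " + line.strip()
        elif b":" in line:
            name, value = line.split(b":", 1)
            headers.append([name.strip().lower(), value.strip()])
        else:
            raise ValueError("malformed header line")
    return [(n.decode("latin-1"), len(v)) for n, v in headers if len(v) > limit]


# Constructed samples: the request from the post, a normal one, a folded one.
SAMPLE_LONG = b"GET / HTTP/1.0\r\nAccept: " + b"a" * 2000 + b"/gif\r\n\r\n"
SAMPLE_OK = b"GET / HTTP/1.0\r\nAccept: image/gif\r\nHost: example.test\r\n\r\n"
SAMPLE_FOLDED = (b"GET / HTTP/1.0\r\nAccept: " + b"a" * 600 +
                 b"\r\n " + b"a" * 600 + b"/gif\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("long", SAMPLE_LONG), ("ok", SAMPLE_OK),
                       ("folded", SAMPLE_FOLDED)):
        print(label, oversized_headers(req))
```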
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:03:10 PDT