There is a buffer overflow in Subseven 2.1a. It happens when you tell the server to execute a dos command > 315 chars long. Depending on how long it is, you can get it to quit quietly (not sure how long) plain crash (eip not written over) or trash every variable there. (Around 4000 i think.) Hell, I'm not sure if it's a bug in the OS (Win95 tested on) that can't handle it but anyway. An interesting side effect seems to be that stops connections to 139. I'm not sure if it affects others I haven't had the time, lately. The default install port is 27374, (assuming no password) type DOS xxxxx(lot's x's)xxxxx and the connection should drop. There is some script I wrote for the Nessus scanner (www.nessus.org) that'll get it to crash. Catch ya, Andrew Griffiths ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:29:18 PDT