Re: [Global InterSec 2002012101] DeleGate Application Proxy - Multiple Vulnerabilities

From: KOJIMA Hajime (kjmat_private)
Date: Fri Feb 08 2002 - 00:16:51 PST

Next message: Jarno Huuskonen: "OT: Netscape security contact ?"

Previous message: Alun Jones: "Re: Infecting the KaZaA network?"
In reply to: Global InterSec Research: "[Global InterSec 2002012101] DeleGate Application Proxy - Multiple Vulnerabilities"
Next in thread: Kris Kennaway: "Re: [Global InterSec 2002012101] DeleGate Application Proxy - Multiple Vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In <017801c1b065$ba68f270$0b01a8c0@tomh61ib59mm58>,
"Global InterSec Research" wrote:
| 
|   As with many of the vulnerabilities in DeleGate, a SIGSEGV occurs
|   when attempting to strcpy() unexpectedly long strings.
|   In spite of attempts DeleGate makes to randomise the stack, we
|   were successful in overwriting the Extended instruction pointer.
|   Although the stack randomisation functions make things harder, they
|   do not make arbitrary command execution impossible.

  And, delegate has execve(2) trap (-Tx).  Can you break it?

- kjm

Next message: Jarno Huuskonen: "OT: Netscape security contact ?"
Previous message: Alun Jones: "Re: Infecting the KaZaA network?"
In reply to: Global InterSec Research: "[Global InterSec 2002012101] DeleGate Application Proxy - Multiple Vulnerabilities"
Next in thread: Kris Kennaway: "Re: [Global InterSec 2002012101] DeleGate Application Proxy - Multiple Vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Feb 08 2002 - 17:06:14 PST