pks public key server DOS and remote execution

From: Max (rusmirat_private)
Date: Fri May 24 2002 - 15:39:06 PDT


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    Hi there,
    
    A popular pks public key server available from
    http://www.mit.edu/people/marc/pks/pks.html
    is vulnerable to a buffer overflow attack.
    
    A long enough (> 256b) search request will crash the service.
    
    It is as simple as this:
    
    gpg --search-keys `perl -e "print 'A'x512"`
    
    or, without gpg,
    
    echo -e "GET /pks/lookup?op=index&search=`perl -e "print 'A'x512"`"| nc keyserver-host 11371
    
    Fortunately (or unfortunately), in order to exploit remote execution, the
    code should be an isalnum() string and should be able to survive tolower()
    conversion. But it is possible to write one, especially for systems with
    locales where 0x80..0xff are printable characters.
    
    Thanks,
    Max.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)
    
    iD8DBQE87sEN8mCpXsrcXpwRAiBoAJ9UjT7+XPoBJ0COO/W5gIHHFYmOygCgm80Y
    oIAccr98kivYr2KsuF4SFzg=
    =9quB
    -----END PGP SIGNATURE-----
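The post gives the crash trigger and the two constraints on a payload (every byte must pass isalnum() and be unchanged by tolower()) but not the fix. The following is an added example, not pks code and not part of Max's message: it models the server-side pattern the post implies (copying the HKP "search=" value into a fixed buffer while lowercasing it) with a bounds check that rejects oversized input instead of overflowing, and a checker that reports which byte of a candidate string would be destroyed by the isalnum()/tolower() filter. The 256-byte buffer size, the query-string layout and the parsing helpers are assumptions taken from the post's "> 256b" remark and its nc one-liner, not from the pks source.

```c
/* Added example: hardened handling of the pattern the post describes.
 * Not pks code; SEARCH_MAX and the query layout are assumptions. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SEARCH_MAX 256 /* assumed fixed buffer size, per the post's "> 256b" */

static char last_search[SEARCH_MAX]; /* the server's fixed-size search buffer */

/* Copy the value of the "search=" parameter from a query string such as
 * "op=index&search=..." into out (size outlen), lowercasing it as the
 * server would. Returns the copied length, or -1 when the parameter is
 * missing or would not fit; an overlong value is rejected, never truncated
 * silently and never written past the buffer. */
int copy_search_param(const char *query, char *out, size_t outlen)
{
    const char *p = strstr(query, "search=");
    if (p == NULL)
        return -1;
    p += strlen("search=");
    size_t n = strcspn(p, "&");          /* value ends at the next '&' or NUL */
    if (n >= outlen)                     /* leave room for the terminating NUL */
        return -1;
    for (size_t i = 0; i < n; i++)
        out[i] = (char)tolower((unsigned char)p[i]);
    out[n] = '\0';
    return (int)n;
}

/* Server-side entry point for one lookup: parse into the fixed buffer. */
int handle_lookup(const char *query)
{
    return copy_search_param(query, last_search, sizeof last_search);
}

/* What the server ended up with after the last accepted lookup. */
const char *last_search_value(void)
{
    return last_search;
}

/* Reproduce the post's test: a search value of byte c repeated len times
 * (the nc one-liner uses 'A' x 512). Returns what handle_lookup returns. */
int handle_repeated_search(char c, size_t len)
{
    const char *prefix = "op=index&search=";
    size_t plen = strlen(prefix);
    char *query = malloc(plen + len + 1);
    if (query == NULL)
        return -1;
    memcpy(query, prefix, plen);
    memset(query + plen, (unsigned char)c, len);
    query[plen + len] = '\0';
    int rc = handle_lookup(query);
    free(query);
    return rc;
}

/* Apply the filter the post names, in the C locale: a byte survives only if
 * isalnum() accepts it and tolower() leaves it unchanged. Returns the index
 * of the first byte that does not survive, or -1 if every byte does. */
int first_filtered_byte(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        if (!isalnum(buf[i]) || tolower(buf[i]) != buf[i])
            return (int)i;
    }
    return -1;
}

int main(void)
{
    printf("255 bytes -> %d\n", handle_repeated_search('A', 255)); /* accepted */
    printf("512 bytes -> %d\n", handle_repeated_search('A', 512)); /* rejected */
    printf("lookup of \"Max\" -> %d, stored as \"%s\"\n",
           handle_lookup("op=index&search=Max"), last_search_value());
    printf("first filtered byte of \"abC\" -> %d\n",
           first_filtered_byte((const unsigned char *)"abC", 3));
    return 0;
}
```

first_filtered_byte() deliberately runs in the default "C" locale; calling setlocale() first changes which bytes in 0x80..0xff isalnum() accepts, which is exactly the locale dependence the post points at.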
    
    This archive was generated by hypermail 2b30 : Fri May 24 2002 - 17:33:09 PDT