[STX] Multiple Security Vulnerabilities

From: ace@static-x.org
Date: Thu Jul 03 2003 - 10:39:11 PDT

Next message: seat_private: "[Full-Disclosure] When full disclosure is the only way..."

Previous message: Secure Net Service(SNS) Security Advisory: "[SNS Advisory No.65] Windows 2000 ShellExecute() API Let Applications to Cause Buffer Overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) Multiple files vulnerable to a buffer overflow: - gnuchess is an updated version of the GNU chess playing program. It has a simple alpha-numeric board display, an IBM PC compatible interface, or it can be compiled for use with the chesstool program on a SUN workstation or with the xboard program under X-windows. - gnuan produces an analysis of a chess game. For each move it shows the move, the score and the principle variation selected by gnuchess. - isdnrep reads the isdnlog log files, generates reports, does statistics, and other things. It can also generate HTML output for use with a web server. ; By default the above are not suid. proof of concept code for the above can be found at: http://www.static-x.org/hax.php?pwned=code

Next message: seat_private: "[Full-Disclosure] When full disclosure is the only way..."
Previous message: Secure Net Service(SNS) Security Advisory: "[SNS Advisory No.65] Windows 2000 ShellExecute() API Let Applications to Cause Buffer Overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 03 2003 - 16:44:43 PDT