Re: Telnetd AYT overflow scanner and linux telnet 0.17

From: H D Moore (hdmat_private)
Date: Tue Jul 31 2001 - 11:20:54 PDT


    Two minor corrections, the caffeine hadn't kicked in yet:
    
    On Tuesday 31 July 2001 01:02 pm, H D Moore wrote:
    > Linux telnetd is very buggy, whether or not it is exploitable is a
    > different story.  By sending many AYT's, you overwrite the netoprintf
    > variable with the string "\r\n[ hostname : yes]\r\n", which will eventually
    
    netoprintf is the function, netobuf is the buffer we smash.
    
    > How to calculate the number of bytes each AYT request causes to be written
    > to netoprintf:
    
    Same as above.
    
    -HD
    


