Re: efax

From: s1gnal_9 (s1gnal_9at_private)
Date: Wed Jan 16 2002 - 21:10:15 PST

Next message: Josha Bronson: "Complicated Disclosure Scenario"

Previous message: H D Moore: "Re: efax"
Maybe in reply to: H D Moore: "efax"
Next in thread: KF: "Re: efax - Exploitation info"
Reply: KF: "Re: efax - Exploitation info"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More info about the overflow...

Straight from efax src.

<--snip--->
#define EFAX_PATH_MAX 1024
<--/snip--->

<--snip--->
char *p , buf [ EFAX_PATH_MAX ] = "" ;
<--/snip--->

<--snip--->
sprintf ( buf , "%.*sTMP..%05d" , dirlen , fname , (int) pid ) ;
<--/snip--->
the sprinf above causes the overflow..
-- 
_______________________________________________
Get your free email from http://sunos.com
Powered by Instant Portal

Next message: Josha Bronson: "Complicated Disclosure Scenario"
Previous message: H D Moore: "Re: efax"
Maybe in reply to: H D Moore: "efax"
Next in thread: KF: "Re: efax - Exploitation info"
Reply: KF: "Re: efax - Exploitation info"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 16 2002 - 22:43:11 PST