Buffer overflow or overrun?

From: Alberto Cozer (acozerat_private)
Date: Fri Apr 12 2002 - 09:20:54 PDT

Next message: incubus: "RE: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"

Previous message: MadHat: "RE: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
Next in thread: Steven M. Christey: "Re: Buffer overflow or overrun?"
Reply: Steven M. Christey: "Re: Buffer overflow or overrun?"
Reply: Steven M. Christey: "Re: Buffer overflow or overrun?"
Reply: tcleary2at_private: "Re: Buffer overflow or overrun?"
Reply: Eric Vanborren: "Re: Buffer overflow or overrun?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello, All!

I've been reading the last Microsoft advisories and one of the
vulnerabilities descriptions made me
think about buffer overrun.

The description for the HTTP header delimiters vulnerability sounds
like a buffer overflow, although
it is described as a buffer overrun. And the differences between
overflow and overrun are very well defined, but
it seems that someone is forgetting it.

I might be wrong, but what I understood from the technical description
is that the problem regards to
an overflow. Anyone have any idea on that, or knows the reason why it
is described like that?



Alberto Cozer
Future Technologies Digital Security
IBM Certified AIX System Specialist
acozerat_private
http://www.fti.com.br



*********************************************************
Future Technologies Seguranca Digital

Esta mensagem e de responsabilidade de seu autor.
Seu conteudo nao reflete necessariamente a opiniao da
empresa.
*********************************************************

Next message: incubus: "RE: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
Previous message: MadHat: "RE: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
Next in thread: Steven M. Christey: "Re: Buffer overflow or overrun?"
Reply: Steven M. Christey: "Re: Buffer overflow or overrun?"
Reply: Steven M. Christey: "Re: Buffer overflow or overrun?"
Reply: tcleary2at_private: "Re: Buffer overflow or overrun?"
Reply: Eric Vanborren: "Re: Buffer overflow or overrun?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 12 2002 - 09:45:09 PDT