Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_4

Bugtraq archives for 4th quarter (Oct-Dec) 1998: Re: buffer overflow in dbadmin

Re: buffer overflow in dbadmin

duke (dukeVIPER.NET.AU)
Fri, 9 Oct 1998 03:02:53 +0000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jean-Christophe Touvet: "Re: [NTSEC] By-passing MS Proxy 2.0 and others packet filtering"
Previous message: Dave Van Allen: "Re: SCO Openserver 5.0.5 syn-floodable"
Maybe in reply to: NACS Security Administrator: "buffer overflow in dbadmin"

>

hi,

> dbadmin.c:    strcpy(op_temp,curField->name);
> dbadmin.c:      strcat(rec_new,curField->name);

both op_temp and rec_new are malloc()'d so they are safe enough. dbadmin
still looks exploitable however from:

    strcat(qbuf,thetable);

qbuf is not malloc'd but is a global variable.

-- Mark

Next message: Jean-Christophe Touvet: "Re: [NTSEC] By-passing MS Proxy 2.0 and others packet filtering"
Previous message: Dave Van Allen: "Re: SCO Openserver 5.0.5 syn-floodable"
Maybe in reply to: NACS Security Administrator: "buffer overflow in dbadmin"