Subject: Re: innd 2.2.2 remote buffer overflow
From: Michal Zalewski (lcamtufDIONE.IDS.PL)
Date: Mon Jun 05 2000 - 15:46:25 CDT


On 6 Jun 2000, Russ Allbery wrote:

> Note that this code is only ever executed if the option
> "verifycancels" is enabled in inn.conf. This is *not* the default,
> and has been recommended against for some time now since it really
> doesn't do any real good.

It is enabled by default in RH, and usually is enabled on live innd sites.

> Note that due to the syntax checking INN performs on message IDs, this
> will be mildly difficult to exploit, although it's probably at least
> theoretically possible.

It is exploitable :)

_______________________________________________________
Michal Zalewski [lcamtuftpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=