|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: IIS %c1%1c remote command execution
From: rain forest puppy (rfp
WIRETRIP.NET)Date: Wed Oct 18 2000 - 18:23:45 CDT
- Next message: Ksecurity: "Ksecurity Advisory: ntop format string vulnerability"
- Previous message: Luiz Lima: "En: Microsoft Security Bulletin (MS00-078)"
- In reply to: Florian Weimer: "Re: IIS %c1%1c remote command execution"
- Next in thread: ET LoWNOISE: "[LoWNOISE] addendum %c1%1c IIS 4.0/5.0 Remote command execution"
- Next in thread: Cris Bailiff: "Re: IIS %c1%1c remote command execution"
- Reply: rain forest puppy: "Re: IIS %c1%1c remote command execution"
- Reply: ET LoWNOISE: "[LoWNOISE] addendum %c1%1c IIS 4.0/5.0 Remote command execution"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> This is one of the vulnerabilities Bruce Schneier warned of in one of
> the past CRYPTO-GRAM isssues. The problem isn't the wrong time of
> path checking alone, but as well a poorly implemented UTF-8 decoder.
> RFC 2279 explicitly says that overlong sequences such as 0xC0 0xAF are
> invalid.
Yep, I agree, and that's because...
> Markus Kuhn's UTF-8 stress test file contains some tests covering such
> problems. It's available at:
> http://www.cl.cam.ac.uk/~mgk25/ucs/examples/UTF-8-test.txt
Markus' FAQ is what helped me to understand what's going on. It
definately is a good writeup.
I also reviewed a writeup located at:
As equally informative.
As UTF support creeps into various places, this may become a more
prominent problem. I already forsee uses in virus scanner and IDS
evasion.
- rfp
- Next message: Ksecurity: "Ksecurity Advisory: ntop format string vulnerability"
- Previous message: Luiz Lima: "En: Microsoft Security Bulletin (MS00-078)"
- In reply to: Florian Weimer: "Re: IIS %c1%1c remote command execution"
- Next in thread: ET LoWNOISE: "[LoWNOISE] addendum %c1%1c IIS 4.0/5.0 Remote command execution"
- Next in thread: Cris Bailiff: "Re: IIS %c1%1c remote command execution"
- Reply: rain forest puppy: "Re: IIS %c1%1c remote command execution"
- Reply: ET LoWNOISE: "[LoWNOISE] addendum %c1%1c IIS 4.0/5.0 Remote command execution"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]