|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Reg Quinton (reggers
ist.uwaterloo.ca)Date: Mon Dec 17 2001 - 11:50:54 CST
> 2) Reg Quinton has written a wrapper to login which he believes will
> block an exploit:
http://ist.uwaterloo.ca/~reggers/drafts/login.wrapper
Several folks have explained the vulnerability to me and why my trick
doesn't work. This is the most concise:
> from Fletcher Mattox [fletchercs.utexas.edu]:
>
>cs.utexas.edu$ rsh cs -l zortl
>Password:
>Login incorrect
>login: zortl xxx=yyy <- this is typed by the user on stdin to login
> after the program has been exec'd and command
> line args have been processed. the same code
> processes this line (in getargs()) which is
> used to parse the command line and in which
> the buffer overflow occurs.
A wrapper like I proposed won't help at all there.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]