Subject: Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions.
From: John Swensson (john THREEBS.COM)
Date: Sat Apr 22 2000 - 15:29:13 CDT
- Next message: Ron DuFresne: "Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions."
- Previous message: Thomas Dullien: "Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions."
- In reply to: Thomas Dullien: "Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions."
- Next in thread: Ron DuFresne: "Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions."
- Reply: John Swensson: "Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions."
- Reply: Ron DuFresne: "Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions."
I have tested this on Win2000, and failed to reproduce any problems.
I was using the server not the workstation, but that should not make a
difference. However I was not able to open the file with notepad or
wordpad, even after adding a .txt to the end of the file name. I'm
guessing this is just a limitation of notepad and wordpad.
On Sun, 23 Apr 2000, Thomas Dullien wrote:
>
> On Sat, 22 Apr 2000 09:02:35 -0500, Ron DuFresne wrote:
>
> >Bob,
> >
> >Thanks for the info. Just what I was asking about fer sure. And then it
> >seems that EI is not the sole culprit in this little nasty. Has anyone
> >looked to see if this works on NT and or 2000?
>
> Under my NT configuration I cannot reproduce any problems :)
> As 2k is basically NT on DirectX I _assume_ this shouldn't produce
> any problems either.
> I have had a short look at the capability of exploiting the long filenames
> under 98 in the explorer. In my case, a single click will already be enough
> to kill it, but I assume this could vary on 95.
> Exploiting is gonna be a bitch as no registers point to our buffers. If you
> walk the stack upwards you can under certain circumstances find a
> pointer into the extension at ESP+0x1CC or ESP+0x1EC or the like,
> this could already provide us with the pointer we need. I will look at
> it on Monday. Anyone wanna do a joint disassembly/analysis of the
> problem?
>
>
>
> Thomas Dullien
> dullien gmx.de
> Win32 Security Consultant ;-> Hire me !