|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: BitchX /ignore bug
From: Mikael Olsson (mikael.olsson
ENTERNET.SE)Date: Fri Jul 07 2000 - 09:11:25 CDT
- Next message: Maxime Rousseau: "The AOL Spyware"
- Previous message: Shelagh Pepper: "Re: apache and 404/404 status codes"
- In reply to: Steve Mosher: "Re: BitchX /ignore bug"
- Next in thread: Steve Mosher: "Re: BitchX /ignore bug"
- Next in thread: Bluefish: "Re: BitchX /ignore bug"
- Reply: Mikael Olsson: "Re: BitchX /ignore bug"
- Reply: Steve Mosher: "Re: BitchX /ignore bug"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Steve Mosher wrote:
>
> I'm willing to bet that code witten by those who write script-kid
> exploits is probably of the most secure around.
Hehe, no, sorry to disappoint you. It isn't. They are quick, dirty
hacks that do everything from "plain not work" to do buffer overruns
and printf exploits on themselves.
I picked apart ping of death v2 half a year ago and wheeeee were
there some fun things in it. The most interesting one was where
the "send mangled IP buffer" piece did a buffer overrun on itself
and shuffled lots of its stack data across the internet, including
the EIP and lots of other interesting stuff :-)
-- Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK Phone: +46 (0)660 29 92 00 Direct: +46 (0)660 29 92 05 Mobile: +46 (0)70 66 77 636 Fax: +46 (0)660 122 50 WWW: http://www.enternet.se/ E-mail: mikael.olsson
- Next message: Maxime Rousseau: "The AOL Spyware"
- Previous message: Shelagh Pepper: "Re: apache and 404/404 status codes"
- In reply to: Steve Mosher: "Re: BitchX /ignore bug"
- Next in thread: Steve Mosher: "Re: BitchX /ignore bug"
- Next in thread: Bluefish: "Re: BitchX /ignore bug"
- Reply: Mikael Olsson: "Re: BitchX /ignore bug"
- Reply: Steve Mosher: "Re: BitchX /ignore bug"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]