Subject: Re: Neotrace v2.12a Buffer Overflow [?]
From: eEye Digital Security (eeye EEYE.COM)
Date: Fri Sep 01 2000 - 04:27:49 CDT
- In reply to: Erik Tayler: "Neotrace v2.12a Buffer Overflow [?]"
I could be reading this wrong but... Are you saying that you entered a
really long string into the Neotrace IP address box and then clicked "Trace"
or whatever and it overflowed? If that is the case then there is nothing
really to gain because you can't elevate any privileges (Win9x, but even if
it was NT you're running as your own user) and this wouldn't be a remote hole
so all in all there is nothing to gain. Then again you could have meant
something like spoofing a return to the trace routing ip or something.
Signed,
Marc Maiffret
Chief Hacking Officer
eCompany / eEye
T.949.349.9062
F.949.349.9538
http://eEye.com
| -----Original Message-----
| From: VULN-DEV List [mailto:VULN-DEV SECURITYFOCUS.COM]On Behalf Of Erik Tayler
| Sent: Thursday, August 31, 2000 10:14 PM
| To: VULN-DEV SECURITYFOCUS.COM
| Subject: Neotrace v2.12a Buffer Overflow [?]
|
|
| Someone sent this to us, wondering if there could be further exploitation of
| this buffer overflow. Since I am not an overflow guru, I decided to forward
| it to vuln-dev. Program error was caused after an extremely long string of
| [any character]. Also, the program doesn't do any checking to see if you are
| entering an IP address [valid or not] or domain name. We will let you buffer
| overflow gurus draw up conclusions about this, but in my opinion, it isn't a
| significant vulnerability. Neotrace [2.12a] was running on Windows 98SE when
| this occurred [to the best of my knowledge].
|
| NEOTRACE caused an invalid page fault in
| module <unknown> at 0000:41092626.
| Registers:
| EAX=00000000 CS=0167 EIP=41092626 EFLGS=00010206
| EBX=00000000 SS=016f ESP=0071f410 EBP=00ae96e0
| ECX=cfb1caf0 DS=016f ESI=00431c8c FS=13b7
| EDX=00000000 ES=016f EDI=00ae8b50 GS=0000
| Bytes at CS:EIP:
|
| Stack dump:
| 352b746c 00ae9600 0071f674 00000001 546f654e 65636172 7777203a 34312e77
| 656e2e78 26262674 26262626 26262626 26262626 26262626 26262626 26262626
|
| ______________________
| Erik Tayler
| 14x Network Security
| http://www.14x.net
|
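Added triage example, not part of either post and not code from the list or the vendor: the Python below reads the register and stack lines of the fault report quoted above, lays the stack dwords out as x86 little-endian memory, and reports the readable text, the repeated fill byte at the end of the dump, and how many bytes of the faulting EIP equal that fill byte. All function names are this example's own.

```python
import re
import struct

# Register and stack lines copied from the fault report quoted above.
FAULT = """\
EAX=00000000 CS=0167 EIP=41092626 EFLGS=00010206
Stack dump:
352b746c 00ae9600 0071f674 00000001 546f654e 65636172 7777203a 34312e77
656e2e78 26262674 26262626 26262626 26262626 26262626 26262626 26262626
"""

def parse_fault(text):
    """Return (eip, stack_bytes) with the stack laid out as x86 little-endian memory."""
    eip = int(re.search(r"\bEIP=([0-9a-fA-F]{8})\b", text).group(1), 16)
    words = re.findall(r"\b[0-9a-fA-F]{8}\b", text.split("Stack dump:", 1)[1])
    return eip, b"".join(struct.pack("<I", int(w, 16)) for w in words)

def printable(raw):
    """ASCII view of raw memory; non-printable bytes are shown as '.'."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in raw)

def trailing_fill(raw):
    """Return (byte_value, run_length) of the identical-byte run ending the dump."""
    fill = raw[-1]
    run = len(raw) - len(raw.rstrip(bytes([fill])))
    return fill, run

def eip_fill_count(eip, fill):
    """How many of EIP's four bytes equal the fill byte."""
    return struct.pack("<I", eip).count(bytes([fill]))

def triage(text):
    """Summarise the fault report: decoded stack, fill byte, run length, EIP overlap."""
    eip, raw = parse_fault(text)
    fill, run = trailing_fill(raw)
    return {"ascii": printable(raw), "fill": chr(fill), "run": run,
            "eip_fill_bytes": eip_fill_count(eip, fill)}

if __name__ == "__main__":
    for key, value in triage(FAULT).items():
        print(f"{key}: {value}")
```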