[VulnDiscuss] Re: [VulnWatch] Re: [HAT-SQUAD] NetCat Remote Critical Vulnerability, Poc inside.
From: class 101 (class101 gmail.com)
Date: Tue Dec 28 2004 - 05:08:02 CST
Thanks Mr Wysopal for the bugfix. I tried to msg stake 1 month ago, but the
mailboxes were offline; tried securityfocus then, they told me to view with
stake :>
Tried with symantec cos I heard stake was a part of it, without success again;
tried with Hobbit, got success but he didn't trust me about the large
impact of that hole.
That's why you prolly got no notice of this hole 1 month ago, sorry for this
but too many "intermediary" persons since netcat.
Bye
-------------------------------------------------------------
class101
Hat-Squad.com
-------------------------------------------------------------
----- Original Message -----
From: "Chris Wysopal" <weld vulnwatch.org>
To: <vulnwatch vulnwatch.org>
Sent: Tuesday, December 28, 2004 2:36 AM
Subject: [VulnWatch] Re: [HAT-SQUAD] NetCat Remote Critical Vulnerability, Poc inside.
>
> Application: Netcat for Windows 1.1
> Platform: Windows NT/2000/XP/2003
> Severity: Remote code execution
> Status: Fixed, new version available
> Date: 12/27/2004
>
>
> Summary
>
> Netcat for Windows 1.1 has a buffer overflow vulnerability that allows
> remote execution of code. It is exposed when netcat is run using the -e
> option which execs a process and pipes the listening socket io to the
> stdio of the exec'd process.
>
> Note that this issue does not exist in netcat for the unix platform.
>
>
> Details
>
> doexec.c (line 445) was missing a check to see if BufferCnt had
> incremented past the end of the receive buffer. With the check in place
> the buffer is flushed before it overwrites the end. The following new
> line adds the check.
>
> if (RecvBuffer[0] == '\n' || RecvBuffer[0] == '\r' ||
> BufferCnt > BUFFER_SIZE-1) {
>
>
> Update
>
> A fixed version, Netcat for Windows 1.11, is available at:
> http://www.vulnwatch.org/netcat/
>
>
> Credit
>
> Hat Squad discovered this vulnerability. Hat Squad's advisory is
> available at http://www.hat-squad.com/en/000142.html
>
>
>
>
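The check described under Details, shown as an added example that is not part of the original posts and is not netcat's doexec.c: a simplified, hypothetical model of a byte-at-a-time relay that flushes on end of line or when the buffer is full. Only `BufferCnt`, `BUFFER_SIZE` and `RecvBuffer` are names from the advisory; the struct, the function names and the buffer size of 16 are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define BUFFER_SIZE 16            /* assumed for this example, not doexec.c's value */

/* Hypothetical relay state; only BufferCnt and BUFFER_SIZE are the advisory's names. */
struct relay {
    char   Buffer[BUFFER_SIZE];
    size_t BufferCnt;             /* bytes currently held in Buffer */
    size_t flushed;               /* total bytes passed on so far */
    size_t flushes;               /* number of flushes performed */
    size_t max_cnt;               /* highest BufferCnt ever observed */
};

/* Stand-in for writing Buffer[0..BufferCnt) to the exec'd process's stdin. */
static void relay_flush(struct relay *r)
{
    r->flushed += r->BufferCnt;
    r->flushes++;
    r->BufferCnt = 0;
}

/* Store one received byte (RecvBuffer[0] in the advisory) and flush on end
   of line or when the buffer is full, so the next store stays in bounds. */
static void relay_feed(struct relay *r, char c)
{
    r->Buffer[r->BufferCnt++] = c;
    if (r->BufferCnt > r->max_cnt) r->max_cnt = r->BufferCnt;
    if (c == '\n' || c == '\r' || r->BufferCnt > BUFFER_SIZE - 1)
        relay_flush(r);
}

/* Reset the state, feed len bytes, return the high-water mark of BufferCnt. */
static size_t relay_feed_all(struct relay *r, const char *data, size_t len)
{
    memset(r, 0, sizeof *r);
    for (size_t i = 0; i < len; i++)
        relay_feed(r, data[i]);
    return r->max_cnt;
}

int main(void)
{
    struct relay r;
    char line[100];               /* constructed input: 100 bytes, no newline */
    memset(line, 'A', sizeof line);
    printf("high-water mark: %zu\n", relay_feed_all(&r, line, sizeof line));
    return 0;
}
```

Without the third condition in `relay_feed`, a line longer than the buffer with no `\n` or `\r` would keep advancing `BufferCnt` past the end of `Buffer`, which is the condition the advisory describes.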