|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Josha Bronson (dmuz
slartibartfast.angrypacket.com)Date: Mon Dec 17 2001 - 10:59:37 CST
On Mon, Dec 17, 2001 at 01:33:20AM -0500, zillion said:
>
> Tamer Sahin reported a DoS vulnerability in Atphttpd last week. This is
> an exploitable buffer overflow which has been known for several months.
> the authour was informed about it 3 months ago and responded with the
> words: "well there probably a lot more wrong with atphttpd" and has not
> done a thing about it.
That's not a very great attitude.
> Here is an exploit which demonstrates the buffer overflow vulnerability
> (has been available on safemode.org for about 3 weeks, proof
> http://www.google.com/search?q=atphttpd ;-)
Well, we were not aware that anyone else had realized that this
condition was indeed exploitable. So, in the spirit of the holidays here
is an exploit for ATP-httpd 0.4 running on OpenBSD.
It was coded mostly by methodic, with help from others of AngryPacket
Security.
cheers,
-- josha.bronson(aka->dmuz) >> dmuz
- text/plain attachment: atphttpd-smack.c
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]