
Subject: Re: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow.
Date: Thu, 29 Apr 2004 18:06:12 -0400
smbd apparently likes them to be 256 chars or less. =]

Apr 27 18:26:39 CloneRiot smbd[2670]: ERROR: string overflow by 1 (256 - 255) in safe_strcpy [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA]

-KF

Lan Guy wrote:

http://lists.samba.org/archive/jcifs/2003-February/001782.html

Even people like Christopher Hertel
http://ietf.cnri.reston.va.us/internet-drafts/draft-crhertel-smb-url-06.txt


don't know the maximum limit of a share name.
I always thought that the protocol could not have more than 127 characters in a single share name.


In any case Explorer should not crash.
Lan Guy

----- Original Message ----- From: "KF (lists)" <kf_lists@secnetops.com>
To: <bugtraq@securityfocus.com>
Cc: <full-disclosure@lists.netsys.com>
Sent: Thursday, April 29, 2004 2:55 AM
Subject: Re: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow.



I would say they lied myself... I have all patches from Windows Update installed, including all the optional ones... it still crashes for me and still tears up the EIP and EBP. My IE advertises itself as: 6.0.2800.1106 SP1; Q837009;Q8832894:Q831167. The OS is Win2k Server 5.00.2195 SP4.

Thus far I have been unable to locate a good unicode return address... but that's not to say there is not one there. =] For those of you wondering, smb.conf DOES allow for characters like \x90 and other things of that nature.

enjoy.

-KF


Paul Szabo wrote:


Anyway, http://support.microsoft.com/?kbid=322857 lies when it says this is
fixed in W2kSP4; or maybe that KB article refers to a different problem: it
says the error should be "Access Violation", I got "Program Error".


Cheers,

Paul Szabo - psz@maths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia




_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
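The two behaviours the thread contrasts, an unbounded copy of an attacker-supplied share name into a fixed stack buffer (the pattern that would explain the clobbered EIP/EBP KF describes) and a bounded copy that truncates and reports by how much the input exceeded the limit (the behaviour the quoted smbd log line shows), written out as an added example in C. This is illustration code, not code from the thread, from Samba or from Microsoft; the function names, the 255-byte limit taken from the "256 - 255" in the log line, and the log format modelled on that line are assumptions.

```c
/* Added example, not from the thread, Samba or Microsoft.
 * Contrasts an unbounded share-name copy with a bounded one that
 * truncates and reports the overflow, modelled on the quoted smbd line
 * "ERROR: string overflow by 1 (256 - 255) in safe_strcpy [AAAA...]".
 * SHARE_MAX, the function names and the message format are assumptions. */
#include <stdio.h>
#include <string.h>

#define SHARE_MAX 255   /* assumed from "256 - 255" in the log line */

/* The vulnerable pattern: strcpy into a fixed stack buffer. A share name
 * longer than the buffer overwrites whatever follows it on the stack
 * (saved EBP, return address). Only ever called here with a short name. */
static void unbounded_copy(const char *share_name)
{
    char field[128];           /* assumed size; 127 chars + NUL */
    strcpy(field, share_name); /* no length check: the bug */
    (void)field;
}

/* Bounded copy: copy at most maxlength bytes, always NUL-terminate, and
 * return how many source bytes did not fit (0 when the whole name fits).
 * When truncating, log it in the same shape as the quoted smbd message. */
static size_t bounded_copy(char *dest, const char *src, size_t maxlength)
{
    size_t len = strlen(src);
    size_t overflow = 0;
    if (len > maxlength) {
        overflow = len - maxlength;
        fprintf(stderr,
                "ERROR: string overflow by %zu (%zu - %zu) in bounded_copy [%.50s]\n",
                overflow, len, maxlength, src);
        len = maxlength;
    }
    memcpy(dest, src, len);
    dest[len] = '\0';
    return overflow;
}

/* Reject oversized share names before they reach any fixed-size field. */
int share_name_ok(const char *name, size_t limit)
{
    return strlen(name) <= limit;
}

/* Constructed input: a share name of n 'A's, like the one in the log. */
static void fill_share_name(char *buf, size_t n)
{
    memset(buf, 'A', n);
    buf[n] = '\0';
}

/* Overflow reported when an n-byte share name is copied into a
 * SHARE_MAX-byte field (n is clamped to the constructed source buffer). */
size_t overflow_for_length(size_t n)
{
    char src[1024];
    char dest[SHARE_MAX + 1];
    if (n >= sizeof src)
        n = sizeof src - 1;
    fill_share_name(src, n);
    return bounded_copy(dest, src, SHARE_MAX);
}

int main(void)
{
    unbounded_copy("public");  /* safe only because the name is short */
    printf("255-byte name -> overflow %zu\n", overflow_for_length(255));
    printf("256-byte name -> overflow %zu\n", overflow_for_length(256));
    printf("\"public\" within 127: %d\n", share_name_ok("public", 127));
    return 0;
}
```

The point of the contrast is the return value: a bounded copy makes the oversized name observable (and loggable) instead of letting it reach the saved frame pointer and return address, which is exactly the difference between smbd's log line and Explorer's crash. Checking the length up front with share_name_ok is the cheaper fix when the caller can reject rather than truncate.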