Network Security: Detailed info on Re: [Full-Disclosure] H9-0001 Advisory: Sphiro HTTPD remote heap overflo

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

Re: [Full-Disclosure] H9-0001 Advisory: Sphiro HTTPD remote heap overflo

from [3APA3A] Network Security

[Permanent Link]

Subject:	Re: [Full-Disclosure] H9-0001 Advisory: Sphiro HTTPD remote heap overflow (Rosiello Security)
Date:	Fri, 30 Apr 2004 19:49:54 +0400

Dear Slotto Corleone,



--Friday, April 30, 2004, 3:43:15 AM, you wrote to 
full-disclosure@lists.netsys.com:


SC> - sphiro/libhttp/http_socks.c
SC>  int get_request(int type,struct sockaddr_in client,int sc,SSL *s)
SC> ...
SC>  char buffer[MAX_READ +1];
SC>  char auth_buff[MAX_READ+1];
SC>  char filename[128];
SC> ...
SC> ...

<skipped>

SC>  sprintf(filename,"%s%s",config->webroot,request);  <-- oops

According  to information you provided this is stack overflow, not heap.
And  in  this  very  case it looks not to be exploitable, because behind
filename boundaries sprintf() overwrites beginning of auth_buf. Of cause
I  may  be  wrong,  full  annalists  of  source  code  required  to make
conclusion.

-- 
~/ZARAZA
Åñëè äàæå âû ïîëó÷èòå êàêîå-íèáóäü ïèñüìî, âû âñå ðàâíî íå ñóìååòå åãî 
ïðî÷èòàòü. (Òâåí)

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Full-Disclosure] H9-0001 Advisory: Sphiro HTTPD remote heap overflow (Rosiello Security), Slotto Corleone Re: [Full-Disclosure] H9-0001 Advisory: Sphiro HTTPD remote heap overflow (Rosiello Security), Richard Johnson Re: [Full-Disclosure] H9-0001 Advisory: Sphiro HTTPD remote heap overflow (Rosiello Security), Slotto Corleone [Full-Disclosure] H9-0001 Advisory: Sphiro HTTPD remote heap overflow (Rosiello Security), Slotto Corleone Re: [Full-Disclosure] H9-0001 Advisory: Sphiro HTTPD remote heap overflow (Rosiello Security), morning_wood Re: [Full-Disclosure] H9-0001 Advisory: Sphiro HTTPD remote heap overflow (Rosiello Security), Slotto Corleone Re: [Full-Disclosure] H9-0001 Advisory: Sphiro HTTPD remote heap overflow (Rosiello Security), morning_wood Re: [Full-Disclosure] H9-0001 Advisory: Sphiro HTTPD remote heap overflow (Rosiello Security), 3APA3A <= Re: [Full-Disclosure] H9-0001 Advisory: Sphiro HTTPD remote heap overflow (Rosiello Security), Slotto Corleone

Previous by Date:	RE: [Full-Disclosure] viruses being sent to list, Alerta Redsegura
Next by Date:	[Full-Disclosure] [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke], Janek Vind
Previous by Thread:	Re: [Full-Disclosure] H9-0001 Advisory: Sphiro HTTPD remote heap overflow (Rosiello Security), morning_wood
Next by Thread:	Re: [Full-Disclosure] H9-0001 Advisory: Sphiro HTTPD remote heap overflow (Rosiello Security), Slotto Corleone
Indexes:	[Date] [Thread] [Top] [All Lists]