Network Security: Detailed info on RE: [Full-disclosure] Skype security advisory

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

RE: [Full-disclosure] Skype security advisory

from [. EADS CCR DCR/STI/C] Network Security

[Permanent Link]

Subject:	RE: [Full-disclosure] Skype security advisory
Date:	Thu, 27 Oct 2005 15:55:28 +0200

On Wed, 26 Oct 2005, Brown, Bobby (US - Hermitage) wrote:

I have the question, can the exploit be perform with no interaction of
the user other than having the program running waiting for a connection
or is it only valid after a user accepted a connection and then the flaw
is exploited?


You don't need any user interaction. It works like any heap overflow (and 
even better because you can directly overwrite some function's pointers
without needing help from the heap management (unlink and friends)).

Because a single UDP packet can exploit the flaw, source can be spoofed 
and doesn't even have to be an IP/port the client has already spoken to.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Full-disclosure] Skype security advisory, . EADS CCR DCR/STI/C RE: [Full-disclosure] Skype security advisory, Brown, Bobby \(US - Hermitage\) Re: [Full-disclosure] Skype security advisory, sk RE: [Full-disclosure] Skype security advisory, . EADS CCR DCR/STI/C <=

Previous by Date:	Re: [Full-disclosure] annoying bug in Windows XP, Micheal Espinola Jr
Next by Date:	[Full-disclosure] [CIRT.DK] - Novell ZENworks Patch Management Server 6.0.0.52 - SQL injection, CIRT.DK Advisory
Previous by Thread:	Re: [Full-disclosure] Skype security advisory, sk
Next by Thread:	[Full-disclosure] [SECURITY] [DSA 871-2] New libgda2 packages fix arbitrary code execution, Martin Schulze
Indexes:	[Date] [Thread] [Top] [All Lists]