Date: 30 Oct 2000 09:43:42 +0100 From: Dag-Erling Smorgrav <des@thinksec.com> To: Roman Shterenzon <roman@xpert.com> Cc: freebsd-security@freebsd.org Subject: Re: [roman@xpert.com: Remote buffer overflow in gnomeicu 0.93] Message-ID: <xzpvgua90sh.fsf@aes.thinksec.com> In-Reply-To: Roman Shterenzon's message of "Sat, 28 Oct 2000 02:03:59 %2B0200" References: <20001028020359.A61199@alchemy.oven.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Roman Shterenzon <roman@xpert.com> writes: > Yesterday, running sockstat I noticed that openicu listens on TCP port 40= 00. > I was curious so I fed it with some zeroes from /dev/zero, and, it crashed > like a charm. I'm suspecting buffer overflow which may allow an intruder > to receive a shell on victim's machine. Instead of feeding it zeroes, try feeding it A's (e.g. using 'cat /dev/zero | tr \\0 A') and see if it crashes trying to dereference 0x41414141; if it does, it's likely to be exploitable. DES --=20 Dag-Erling Sm=F8rgrav - des@thinksec.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpvgua90sh.fsf>