Date: Fri, 28 Jan 2000 12:39:58 +0500 (YEKT)
From: "Sergey N. Voronkov" <serg@dor.zaural.ru>
To: max@FreeBSD.org
Cc: freebsd-security@FreeBSD.org, freebsd-bugs@FreeBSD.org
Subject: delegate buffer overflow (ports)
Message-ID: <200001280739.MAA02652@dor.zaural.ru>

Hi!

Looking up in the net:

> Hi.
>
> Delegate, a multiple-service proxy server contains several hundred buffer
> overflows and is horribly insecure in general.
>
> Attached there is a demonstration exploit for just one remotely
> exploitable buffer overflow for delegate, compiled on linux (this bug is
> exploitable on several other platforms, too).
>
> I didn't bother to notify the author of delegate, since it is
> impossible to make delegate secure in a short time (it contains over 1000
> strcpy's and over 500 sprintf's). Just don't use delegate anymore.
>
>
> ciao,
> scut / teso security
> [http://teso.scene.at/]
>
> --
> - scut@nb.in-berlin.de - http://nb.in-berlin.de/scut/ - sacbuctd@ircnet --
> -- you don't need a lot of people to be great, you need a few great to be --
> -- the best -----------------------------------------------------------------
> --- nuclear arrival weapon spy agent remain undercover, hi echelon ----------

And exploit for it:

http://www.security.nnov.ru/1999/exploits/delefate.c

Time to make port BROKEN ?

Serg N. Voronkov.