• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Tomahawk Technologies SteelArrow Cookie HTTP Header Buffer Overflow Vulnerability

Reportedly, SteelArrow suffers from a buffer overflow condition when cookies are used. SteelArrow keeps records of user sessions using cookies. It is possible for an attacker to supply an overly long value of the Cookie HTTP header that will cause the buffer overflow condition. This will cause the SteelArrow service to crash and overwrite stack memory with attacker supplied values.