Bugtraq
mailing list archives
Re: false alarm: query cgi problem
From: mouse () Holo Rodents Montreal QC CA (der Mouse)
Date: Fri, 10 Jan 1997 12:03:22 -0500
> For anyone who cares, the buffer overflow in the query cgi is not
> exploitable. This is because the exploit requires 21,000+ bytes, and
> the maximum size for a URL is 1024 bytes. That is how it is defined
> in the RFC.

That doesn't necessarily mean it's not exploitable; it depends on what
the web server in question does with URLs that violate the RFC. If the
web server truncates, dumps the request, or something similar, you're
okay - but if it is liberal in what it accepts and is willing to handle
URLs 21K long, you could still be in trouble.
der Mouse
mouse () rodents montreal qc ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
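
The reply's point is that a CGI cannot count on the web server to cap URL length, so the bound has to be enforced where the copy happens. The sketch below is an added example, not part of the original post and not the query CGI's code, which this page does not show; the buffer size, the `copy_query` name and the status responses are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define QUERY_BUF_SIZE 1024 /* assumed size of the CGI's fixed buffer */

enum query_status { QUERY_OK, QUERY_MISSING, QUERY_TOO_LONG };

/*
 * Copy query into dst only if it fits with its terminating NUL.
 * Over-long input is rejected, not truncated, and dst is left empty.
 */
enum query_status copy_query(char *dst, size_t dst_size, const char *query)
{
    if (dst == NULL || dst_size == 0)
        return QUERY_TOO_LONG;
    dst[0] = '\0';
    if (query == NULL)
        return QUERY_MISSING;

    /* Look for the NUL within the first dst_size bytes only. */
    const char *end = memchr(query, '\0', dst_size);
    if (end == NULL)
        return QUERY_TOO_LONG;

    memcpy(dst, query, (size_t)(end - query) + 1);
    return QUERY_OK;
}

int main(void)
{
    char buf[QUERY_BUF_SIZE];
    /* CGI passes the part of the URL after '?' in QUERY_STRING. */
    switch (copy_query(buf, sizeof buf, getenv("QUERY_STRING"))) {
    case QUERY_OK:
        printf("Content-Type: text/plain\r\n\r\nquery is %zu bytes\r\n", strlen(buf));
        return 0;
    case QUERY_TOO_LONG:
        printf("Status: 414 Request-URI Too Long\r\nContent-Type: text/plain\r\n\r\nquery too long\r\n");
        return 0;
    default:
        printf("Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\nno query\r\n");
        return 0;
    }
}
```

With this check in the CGI itself, a server that is liberal about 21K URLs no longer matters: the request is refused before any fixed-size buffer is written.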