Home page logo
/

bugtraq logo Bugtraq mailing list archives

How to exploit AlephOne by JP of AntiOnline
From: positron () THEGRID NET (F0RMiCA)
Date: Fri, 24 Apr 1998 00:28:54 -0700


Hello, I am bringing to your attention a very serious offense to AlephOne's
First Amendment Rights and to Copyright Violation.

Recently I noticed that AntiOnline Posted a "Special Report" on Buffer
Exploits which is a startling resemblance to AlephOne's Article in PHRACK49
"Smashing the Stack..."

Here is what i mean:

JP:
-----------------------

void function(char *str) {   char buffer[16];   strcpy(buffer,str);}
void main() {  char evil[256];  int i;  for(i=0;i<255;i++)    evil[i] = 'A';
    function(evil);}

AlephOne:
--------------void function(char *str) {   char buffer[16];
   strcpy(buffer,str);}void main() {  char large_string[256];  int i;
  for( i = 0; i < 255; i++)    large_string[i] = 'A';
function(large_string);}
AND FOR MORE:

JP:
-----
Ok, we can tell that a typical buffer overflow exists here,the function
involved uses the strcpy() function to check its bounds, instead of the
safer, strncpy().

AlephOne:
--------------
   This is program has a function with a typical buffer overflow coding
error.  The function copies a supplied string without bounds checking by
using strcpy() instead of strncpy().

******************************************
I am bringing this up because there was no citation or credit given to
AlephOne to *HIS* code, not JP's, and that it is a serious illegal offense,
not to mention highly immoral, to steal the works of other colleagues in
this field.  because of this, antionline (www.antionline.com) and JP should
be boycotted and even prosecuted for copyright infringement.
F0RMiCA
Ambient Empire
http://www.thegrid.net/positron



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault