Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: ebola 0.1.4 remote exploit
From: Paul L Daniels <pldaniels () pldaniels com>
Date: Wed, 10 Dec 2003 06:54:43 +1000
Please note that this has also been fixed in 0.1.5 which has been available now for well over a week (Thanks to KF's
work at Snosoft).

There were many 'exploits' in version 0.1.4 due to the use of sprintf() calls through out the codebase.  These have all
been changed over to the safer usage of snprintf().  Certainly there may still be more exploits in the codebase as the
codebase is no longer actively maintained (apart from when I receive bug/exploit reports), hence it would only be
productive to use the latest release for your hunting.

Furthermore, I believe there's a proceedure and protocol for disclosure of bugs/exploits, please, I would appeciate it
if in future that was used.

Regards.

-- 
Paul L Daniels    http://www.pldaniels.com
Linux/Unix systems    Internet Development
ICQ#103642862,AOL:pldsoftware,Yahoo:pldaniels73
A.B.N. 19 500 721 806

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]