The person that sent this to me said they just pressed 'Trace'. I
understand that there is nothing to gain from this, was just relaying a
question for someone :) .
Erik Tayler
eEye Digital Security wrote:
>
> I could be reading this wrong but... Are you saying that you entered a
> really long string into the Neotrace IP address box and then clicked "Trace"
> or whatever and it overflowed? If that is the case then there is nothing
> really to gain because you can't elevate any privileges (Win9x, but even if
> it was NT you're running as your own user) and this wouldn't be a remote hole
> so all in all there is nothing to gain. Then again you could have meant
> something like spoofing a return to the trace routing IP or something.
>
> Signed,
> Marc Maiffret
> Chief Hacking Officer
> eCompany / eEye
> T.949.349.9062
> F.949.349.9538
> http://eEye.com
>
> | -----Original Message-----
> | From: VULN-DEV List [mailto:VULN-DEV_at_SECURITYFOCUS.COM]On Behalf Of Erik
> | Tayler
> | Sent: Thursday, August 31, 2000 10:14 PM
> | To: VULN-DEV_at_SECURITYFOCUS.COM
> | Subject: Neotrace v2.12a Buffer Overflow [?]
> |
> |
> | Someone sent this to us, wondering if there could be further exploitation of
> | this buffer overflow. Since I am not an overflow guru, I decided to forward
> | it to vuln-dev. Program error was caused after an extremely long string of
> | [any character]. Also, the program doesn't do any checking to see if you are
> | entering an IP address [valid or not] or domain name. We will let you buffer
> | overflow gurus draw up conclusions about this, but in my opinion, it isn't a
> | significant vulnerability. Neotrace [2.12a] was running on Windows 98SE when
> | this occurred [to the best of my knowledge].
> |
> | NEOTRACE caused an invalid page fault in
> | module <unknown> at 0000:41092626.
> | Registers:
> | EAX=00000000 CS=0167 EIP=41092626 EFLGS=00010206
> | EBX=00000000 SS=016f ESP=0071f410 EBP=00ae96e0
> | ECX=cfb1caf0 DS=016f ESI=00431c8c FS=13b7
> | EDX=00000000 ES=016f EDI=00ae8b50 GS=0000
> | Bytes at CS:EIP:
> |
> | Stack dump:
> | 352b746c 00ae9600 0071f674 00000001 546f654e 65636172 7777203a 34312e77
> | 656e2e78 26262674 26262626 26262626 26262626 26262626 26262626 26262626
> |
> | ______________________
> | Erik Tayler
> | 14x Network Security
> | http://www.14x.net
> |
Received on Sep 02 2000
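
The fault dialog quoted in this thread can be read mechanically during crash triage. The Python below is an added example, not part of the original posts: it decodes the stack-dump dwords as little-endian bytes, pulls out printable runs, and counts how many low-order bytes of EIP equal the most common stack byte. The function name `triage` and its result keys are this example's own.

```python
import re
import struct
from collections import Counter

# Register and stack-dump lines copied from the fault dialog quoted above.
FAULT = """\
EAX=00000000 CS=0167 EIP=41092626 EFLGS=00010206
EBX=00000000 SS=016f ESP=0071f410 EBP=00ae96e0
ECX=cfb1caf0 DS=016f ESI=00431c8c FS=13b7
EDX=00000000 ES=016f EDI=00ae8b50 GS=0000
Stack dump:
352b746c 00ae9600 0071f674 00000001 546f654e 65636172 7777203a 34312e77
656e2e78 26262674 26262626 26262626 26262626 26262626 26262626 26262626
"""


def triage(text):
    """Summarise a Win9x fault report (helper name is this example's own)."""
    head, dump = text.split("Stack dump:", 1)
    regs = {k: int(v, 16) for k, v in re.findall(r"([A-Z]{2,5})=([0-9a-fA-F]+)", head)}
    # x86 is little-endian: each printed dword is byte-reversed in memory.
    dwords = [int(w, 16) for w in re.findall(r"\b[0-9a-fA-F]{8}\b", dump)]
    stack = b"".join(struct.pack("<I", d) for d in dwords)
    # Printable ASCII runs of 4+ bytes are likely fragments of user input.
    strings = [s.decode("ascii") for s in re.findall(rb"[\x20-\x7e]{4,}", stack)]
    # The most common byte on the stack is the likely fill character.
    fill = Counter(stack).most_common(1)[0][0]
    # Count low-order EIP bytes equal to the fill byte (0 = no visible overlap).
    eip_bytes = struct.pack("<I", regs["EIP"])
    overlap = 0
    for b in eip_bytes:
        if b != fill:
            break
        overlap += 1
    return {"eip": regs["EIP"], "strings": strings, "fill": chr(fill),
            "eip_low_fill_bytes": overlap}


if __name__ == "__main__":
    r = triage(FAULT)
    print(f"EIP = {r['eip']:08x}, fill byte = {r['fill']!r}")
    print(f"low-order EIP bytes equal to fill: {r['eip_low_fill_bytes']} of 4")
    for s in r["strings"]:
        print("stack string:", s)
```

On this dump the decoded stack holds the text `NeoTrace: www.14x.net` followed by a run of `&` characters, and two of the four EIP bytes are 0x26, the same byte.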