Vulnerability Development: Re: Neotrace v2.12a Buffer Overflow [?]

Re: Neotrace v2.12a Buffer Overflow [?]

From: Juliano Rizzo <juliano_at_CORE-SDI.COM>
Date: Mon, 4 Sep 2000 15:35:49 +0300

On 2/9 Juliano Rizzo wrote:

[...]
> Would be a problem if the same overflow occurs when the
> program resolves domain names or requests any other
> information from a remote non-trusted source.

Well, I didn't say in my last post that there is a possible exploitable
remote overflow in Neotrace v2.12a. It will crash resolving long domain
names, the target host's name or any hop in the middle. You can check it
by editing the hosts file:
10.0.66.6 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA(a lot)
Then try to use Neotrace against that IP; the AA's string will be
lowercased before the overflow.
Maybe there are other exploitable bugs in this program; all the code
should be checked if it tries to be a secure application.

--
Juliano Rizzo <juliano_at_core-sdi.com>
[www.core-sdi.com]
julianor.tripod.com
Received on Sep 04 2000
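
An added example, not part of the original post and not Neotrace code (its source does not appear in this thread): one way a C program can treat a name returned by the resolver or the hosts file as untrusted and lowercase it into a fixed-size buffer without writing past the end. The function name `copy_hostname_lower` and the limits used are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define HOSTNAME_MAX 253  /* assumed cap: longest textual DNS name */
#define LABEL_MAX    63   /* assumed cap: longest single label */

/* Copy an untrusted resolved name into dst (capacity dstlen), lowercased.
 * Returns 0 on success, -1 if the name is rejected. When dstlen > 0,
 * dst is always NUL-terminated and is left empty on rejection. */
int copy_hostname_lower(char *dst, size_t dstlen, const char *src)
{
    size_t n, i, label = 0;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;

    /* Bounded length scan: never read further than the cap plus one. */
    for (n = 0; n <= HOSTNAME_MAX && src[n] != '\0'; n++)
        ;
    if (n == 0 || n > HOSTNAME_MAX || n >= dstlen)
        return -1;              /* empty, over-long, or will not fit */

    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)src[i];

        if (c == '.') {
            if (label == 0)
                goto reject;    /* empty label, e.g. ".." or leading dot */
            label = 0;
        } else if (isalnum(c) || c == '-' || c == '_') {
            if (++label > LABEL_MAX)
                goto reject;    /* single label too long */
        } else {
            goto reject;        /* unexpected byte in a host name */
        }
        dst[i] = (char)tolower(c);
    }
    dst[n] = '\0';
    return 0;

reject:
    dst[0] = '\0';
    return -1;
}
```

The same check applies to every hop name a traceroute-style tool resolves, not only the target's.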