Results 1 to 3 of 3

Thread: Microsoft Advertisement: Security Flaw

Thread Tools
- Show Printable Version
Display
- Switch to Linear Mode
- Switch to Hybrid Mode
- Threaded Mode

Threaded View

June 3rd, 2006, 09:18 AM #3
sec_ware

View Profile

View Forum Posts

Visit Homepage
Senior Member

Join Date

Mar 2004

Posts

557
Hi

Thanks for reviving this thread

The security flaw[1] is a classical integer overflow, which leads
to an heap overflow[2]: if strlen(server) is 254 or 255 the resulting
namelen is 0 or 1 respectively.

I tried to identify conditions which turn the security flaw into a
vulnerability. I have not found such a combination (hence I was
not able to write an exploit). But then, my knowledge is limited,
hence the question still stays open: any other ways to proceed?

Thanks & Cheers

[1] http://www.sei.cmu.edu/pub/documents...df/05tn003.pdf , Section 1.1
[2] http://www.securityfocus.com/infocus/1846, nice review and outlook

If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
Reply With Quote

Quick Navigation Programming Security Top

« Previous Thread | Next Thread »

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
[VIDEO] code is On
HTML code is Off

Forum Rules

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Thread: Microsoft Advertisement: Security Flaw

Thread Tools

Display

Threaded View

Posting Permissions