<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Re: OpenVMS fingerd remote stack overflow

Re: OpenVMS fingerd remote stack overflow

From: Tim Newsham <newsham_at_lava.net>
Date: Fri, 8 Aug 2008 08:24:16 -1000 (HST)

> On Thu, Aug 07, 2008 at 12:08:53AM +0100, Shaun Colley wrote:
>> The MultiNet finger service runs on port 79 by default (like other finger
>> servers) and takes a username to query. A long string (~250+ or so bytes)
>> will cause a stack overflow, giving control of a saved return address and
>> hence the program counter (PC).
>
> Hahahaha, welcome to 1988!

Old software can be so much fun.

http://minnie.tuhs.org/pipermail/unix-jun72/2008-May/000126.html
http://minnie.tuhs.org/pipermail/unix-jun72/2008-May/000250.html

> Alex

Tim Newsham
http://www.thenewsh.com/~newsham/
Received on Aug 08 2008

This message: [ Message body ]
Next message: Ben Laurie: "Re: OpenID/Debian PRNG/DNS Cache poisoning advisory"
Previous message: Eric Rescorla: "Re: OpenID/Debian PRNG/DNS Cache poisoning advisory"
In reply to: Alexander Sotirov: "Re: OpenVMS fingerd remote stack overflow"
Next in thread: Kevin Finisterre (lists): "Re: OpenVMS fingerd remote stack overflow"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]