Hi Rick,
At 09:58 17/11/00 -0500, Rick Murphy wrote:
>At 01:00 PM 11/16/2000 -0800, [EMAIL PROTECTED] wrote:
>>Has anyone verified this vulnerability?? Hopefully these vulnerability
>>alert type companies will at least verify the vulnerability before
>>release it to the public.
>
>It's a vulnerability in one sense but it's unlikely in the extreme that
>anyone could exploit it. To exploit the vulnerability, you've got to pass
>a carefully crafted display argument to x-gw. Fortunately, x-gw is usually
>started up by other proxies (like the telnet proxy); that proxy parses the
>display argument and won't let you pass that 'carefully crafted' display
>argument.
I don't see where the buf parm can be exploited. All pmsg calls are
either with an "internal" buffer or with one that was sprintf-ed in.
So even passing a display of "%s" hoping for a core dump doesn't do.
regards,
mouss