Bugtraq mailing list archives

false alarm: query cgi problem


From: apropos () sover net (Apropos of Nothing)
Date: Thu, 9 Jan 1997 20:26:38 -0500


For anyone who cares, the buffer overflow in the query cgi is not
exploitable.  This is because the exploit requires 21,000+ bytes, and the
maximum size for a URL is 1024 bytes. That is how it is defined in the RFC.


Anyway, consider yourselves lucky since that stops all attacks on query.c
based cgis. (phf, post-query, query, and maybe others have the same buffer
overflow problem).

Of course, it wouldn't hurt to make getword() et al. do bounds checking.

apropos of nothing
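
Added example (not part of the original post, and not code from query.c): one way a getword()-style splitter can do its own bounds checking, so that the destination buffer is safe regardless of any length limit enforced elsewhere. The name getword_bounded, its signature, and its return codes are assumptions made for illustration; the sample input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded splitter. Copies the bytes of `line` up to (not
 * including) the first `stop` byte into `word`, writing at most word_size
 * bytes including the terminating NUL. The token and its delimiter are then
 * removed from `line` in place; an over-long token is consumed whole and
 * only its prefix is kept.
 * Returns 0 on success, 1 if the token was truncated, -1 on bad arguments. */
int getword_bounded(char *word, size_t word_size, char *line, char stop)
{
    size_t tok_len = 0, copy_len, skip;
    int truncated = 0;

    if (word == NULL || line == NULL || word_size == 0)
        return -1;

    /* Measure the token first: stop at the delimiter or end of string. */
    while (line[tok_len] != '\0' && line[tok_len] != stop)
        tok_len++;

    /* Clamp the copy to the destination, leaving room for the NUL. */
    copy_len = tok_len;
    if (copy_len > word_size - 1) {
        copy_len = word_size - 1;
        truncated = 1;
    }
    memcpy(word, line, copy_len);
    word[copy_len] = '\0';

    /* Skip the delimiter if one was found, then shift the rest forward. */
    skip = tok_len + (line[tok_len] != '\0' ? 1 : 0);
    memmove(line, line + skip, strlen(line + skip) + 1);
    return truncated;
}

int main(void)
{
    char query[] = "name=AAAAAAAAAAAAAAAAAAAAAAAA&x=1"; /* constructed input */
    char key[8], val[8];
    int rk = getword_bounded(key, sizeof key, query, '=');
    int rv = getword_bounded(val, sizeof val, query, '&');

    /* A CGI would reject the request when either call reports truncation. */
    printf("key=%s (%d) val=%s (%d) rest=%s\n", key, rk, val, rv, query);
    return (rk < 0 || rv < 0);
}
```
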


