Bugtraq mailing list archives
SubSeven 2.1a (trojan)
From: d1g17al () HOTMAIL COM (Andrew Griffiths)
Date: Wed, 19 Jan 2000 22:58:41 GMT
There is a buffer overflow in SubSeven 2.1a. It happens when you tell the server to execute a DOS command > 315 chars long. Depending on how long it is, you can get it to quit quietly (not sure how long), plain crash (EIP not written over) or trash every variable there. (Around 4000 I think.) Hell, I'm not sure if it's a bug in the OS (Win95 tested on) that can't handle it but anyway.

An interesting side effect seems to be that it stops connections to 139. I'm not sure if it affects others; I haven't had the time lately.

The default install port is 27374. Assuming no password, type DOS xxxxx(lots of x's)xxxxx and the connection should drop.

There is some script I wrote for the Nessus scanner (www.nessus.org) that'll get it to crash.

Catch ya,
Andrew Griffiths