Bugtraq mailing list archives
Re: Re: licq remote DoS?
From: mrangelov () globul bg
Date: 10 Apr 2008 15:19:36 -0000
You're right, there is no check against FD_SETSIZE. IMO it's a bad idea not to enforce some kind of accepted connections limit. However, I'm pessimistic about the possibility of executing arbitrary code - even if you succeed to overwrite the return address, you must think of some other way to place "evil code". Of course, nothing is impossible :) BTW, my PoC code has some pretty dumb bug, char hostname[12] should be char hostname[15]...stupid me, I forgot about the dots in the ip address :)
Current thread:
- licq remote DoS? Milen Rangelov (Apr 08)
- Re: licq remote DoS? 3APA3A (Apr 10)
- <Possible follow-ups>
- Re: Re: licq remote DoS? mrangelov (Apr 10)