Full Disclosure mailing list archives
Re: Microsoft's Explorer and Internet Explorer long share name buffer overflow.
From: "KF (lists)" <kf_lists () secnetops com>
Date: Thu, 29 Apr 2004 18:06:12 -0400
smbd aparantly likes them to be a 256 chars or less aparantly. =]Apr 27 18:26:39 CloneRiot smbd[2670]: ERROR: string overflow by 1 (256 - 255) in safe_strcpy [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA]
-KF Lan Guy wrote:
http://lists.samba.org/archive/jcifs/2003-February/001782.html Even people like Christopher Hertelhttp://ietf.cnri.reston.va.us/internet-drafts/draft-crhertel-smb-url-06.txtdon't know the maximum limit of a share name.I always thought that the protocol could not have more than 127 charaters in a single share name length.In any case Explorer should not crash. Lan Guy ----- Original Message ----- From: "KF (lists)" <kf_lists () secnetops com> To: <bugtraq () securityfocus com> Cc: <full-disclosure () lists netsys com> Sent: Thursday, April 29, 2004 2:55 AMSubject: Re: [Full-disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow.I would say they lied myself... I have all patches from Windows update installed including all the optional ones... still crashes for me and still tears up the EIP and EBP. My IE advertises itself as: 6.0.2800.1106 SP1; Q837009;Q8832894:Q831167 , The OS is Win2k Server 5.00.2195 SP4.Thus far I have been unable to locate a good unicode return address... but thats not to say there is not one there. =] . For those of you wondering smb.conf DOES allow for characters like \x90 and other things of that nature.enjoy. -KF Paul Szabo wrote:Anyway, http://support.microsoft.com/?kbid=322857 lies when it says this is fixed in W2kSP4; or maybe that KB article refers to a different problem: itsay the error should be "Access Violation", I got "Program Error". Cheers,Paul Szabo - psz () maths usyd edu au http://www.maths.usyd.edu.au:8000/u/psz/ School of Mathematics and Statistics University of Sydney 2006 Australia_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: RE: Microsoft's Explorer and Internet Explorer long share name buffer overflow., (continued)
- Re: RE: Microsoft's Explorer and Internet Explorer long share name buffer overflow. Daniel Regalado Arias (Apr 26)
- Re: Re: Microsoft's Explorer and Internet Explorer long share name buffer overflow. Milan 't4c' Berger (Apr 26)
- RE: Re: Microsoft's Explorer and Internet Explorer long share name buffer overflow. Rodrigo Gutierrez (Apr 26)
- Re: Microsoft's Explorer and Internet Explorer long share name buffer overflow. KF (lists) (Apr 26)
- Re: Microsoft's Explorer and Internet Explorer long share name buffer overflow. jan . muenther (Apr 27)
- Re: Microsoft's Explorer and Internet Explorer long share name buffer overflow. KF (lists) (Apr 28)
- Re: Microsoft's Explorer and Internet Explorer long share name buffer overflow. Lan Guy (Apr 29)
- Re: Microsoft's Explorer and Internet Explorer long share name buffer overflow. KF (lists) (Apr 29)
- Re[2]: Microsoft's Explorer and Internet Explorer long share name buffer overflow. 3APA3A (Apr 29)