Full Disclosure mailing list archives
Re: iDEFENSE Security Advisory 12.06.05: Ipswitch
From: H D Moore <fdlist () digitaloffense net>
Date: Fri, 16 Dec 2005 08:59:50 -0600
This may not be a limitation if you can use the argument-skipping syntax in msvcrt (ie. %4000$x). -HD On Friday 16 December 2005 08:32, FistFucker wrote:
I don't think it's > exploitable because the user controlled string is many thousand bytes away from the stack pointer and you can only send 512 bytes to the SMTP daemon.
[snip]
If someone was able to exploit this, I would be interested in exploit code or an explanation to learn from him.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: iDEFENSE Security Advisory 12.06.05: Ipswitch Chris Rogers (Dec 16)
- Re: iDEFENSE Security Advisory 12.06.05: Ipswitch FistFucker (Dec 16)
- Re: iDEFENSE Security Advisory 12.06.05: Ipswitch H D Moore (Dec 16)
- Re: iDEFENSE Security Advisory 12.06.05: Ipswitch FistFucker (Dec 16)
- Message not available
- Message not available
- Re: iDEFENSE Security Advisory 12.06.05: Ipswitch FistFucker (Dec 16)
- Re: iDEFENSE Security Advisory 12.06.05: Ipswitch H D Moore (Dec 16)
- Re: iDEFENSE Security Advisory 12.06.05: Ipswitch FistFucker (Dec 16)