Vulnerability Development mailing list archives
Re: Telnetd AYT overflow scanner and linux telnet 0.17
From: H D Moore <hdm () secureaustin com>
Date: Tue, 31 Jul 2001 13:20:54 -0500
Two minor corrections, the caffiene hadn't kicked in yet: On Tuesday 31 July 2001 01:02 pm, H D Moore wrote:
Linux telnetd is very buggy, whether or not it is exploitable is a different story. By sending many AYT's, you overwrite the netoprintf variable with the string "\r\n[ hostname : yes]\r\n", which will eventually
netoprintf is the function, netobuf is the buffer we smash.
How to calculate the number of bytes each AYT request causes to be written to netoprintf:
Same as above. -HD
Current thread:
- RE: Telnetd AYT overflow scanner and linux telnet 0.17 Dawes, Rogan (ZA - Johannesburg) (Jul 31)
- Re: Telnetd AYT overflow scanner and linux telnet 0.17 H D Moore (Jul 31)
- Re: Telnetd AYT overflow scanner and linux telnet 0.17 H D Moore (Jul 31)
- Re: Telnetd AYT overflow scanner and linux telnet 0.17 H D Moore (Jul 31)