CERT Coordination Center. Advisory CA-1999-13.
....called, where pointed inside the statically allocated variable curpath, and the length from where where pointed to the end of the buffer was longer than the amount of space left in namebuf. 30 5.1.2 2.5.0 This version contains two buffer overflow vulnerabilities that lead to remote root compromise [4]. The first relies on overflowing a global variable, the second on access to a message file displayed to ftp clients. The first vulnerability from 2.5.0 is present only when the compilation option MAPPING CHDIR is turned on (and it is for most systems) The variable that is first overflowed is declared ....
CERT Coordination Center. Advisory CA-1999-13.
....wu ftpd 2.6.2, to compare the effectiveness of ITS4 at detecting buffer overflow flaws with that of STOBO. 5.1.1 2.4.2 beta 18 This version of wu ftpd was distributed with many versions of UNIX, including many Linux distributions. As a result, a vulnerability discovered in it was widely exploited [3]. This vulnerability appeared in the realpath function: realpath(const char pathname, char result) char curpath[MAXPATHLEN] namebuf[MAXPATHLEN] loop: where = curpath; while ( where = 0 ) EXPAND SYMLINKS strcat(namebuf, where) The variables curpath ....
CERT Coordination Center. Advisory CA-1999-03.
....flaws in net tools 1.46. All testing was done using Redhat 7.2 for the i386. 5.1 wu ftpd 2.4.2 beta 18 is known to have an exploitable buffer overflow flaw due to a misuse of strcat(3)[2]. This call to strcat(3) was flagged by STOBO with a type 0 warning. Two known overflow flaws exist in 2.5.0[3], the first of which was another misuse of strcat(3) which was again uncovered with a type 0 warning. The second flaw was caused by a series of calls to sprintf(3) and strcpy(3) Two of the calls to sprintf(3) were flagged by STOBO, one with a type 0 warning and the other with a type 1 ....
Cert coordination center, advisory ca-1999-13. http://www.cert.org/advisories/CA-1999-13.html.
....with STOBO could be compared to the tool developed by Wagner[25] which found a number of buffer overflow flaws in net tools 1.46. All testing was done using Redhat 7.2 for the i386. 5.1 wu ftpd 2.4.2 beta 18 is known to have an exploitable buffer overflow flaw due to a misuse of strcat(3)[2]. This call to strcat(3) was flagged by STOBO with a type 0 warning. Two known overflow flaws exist in 2.5.0[3] the first of which was another misuse of strcat(3) which was again uncovered with a type 0 warning. The second flaw was caused by a series of calls to sprintf(3) and strcpy(3) Two ....
Cert coordination center, advisory ca-1999-03. http://www.cert.org/advisories/CA-99-03.html.
....the attack is completed. 2.3 An Example of Signature in Sutekh This section presents an example of a signature to detect an attack exploiting a buffer overflow in the admintool program distributed in the Solaris environment. This vulnerability has been reported in the CERT advisory CA 199616 [2]. admintool is a graphical front end to several administration tasks, in particular to install new software packages through the pkgadd command. All Solaris packages contain two files named pkginfo and pkgmap. The first step to overflow admintool is to create these two files in a directory ....
CERT Coordination Center. Advisory CA-