From owner-freebsd-security Thu Jan 27 23:40:11 2000 Delivered-To: freebsd-security@freebsd.org Received: from dor.zaural.ru (dor.zaural.ru [195.161.56.129]) by hub.freebsd.org (Postfix) with ESMTP id 668BF14C82; Thu, 27 Jan 2000 23:40:01 -0800 (PST) (envelope-from serg@dor.zaural.ru) Received: (from serg@localhost) by dor.zaural.ru (8.9.3/8.9.3) id MAA02652; Fri, 28 Jan 2000 12:39:58 +0500 (YEKT) (envelope-from serg) From: "Sergey N. Voronkov" Message-Id: <200001280739.MAA02652@dor.zaural.ru> Subject: delegate buffer overflow (ports) To: max@FreeBSD.org Date: Fri, 28 Jan 2000 12:39:58 +0500 (YEKT) Cc: freebsd-security@FreeBSD.org, freebsd-bugs@FreeBSD.org X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi! Looking up in the net: > Hi. > > Delegate, a multiple-service proxy server contains several hundret buffer > overflows and is horrible insecure in general. > > Attached there is a demonstration exploit for just one remotely > exploitable buffer overflow for delegate, compiled on linux (this bug is > exploitable on several other platforms, too). > > I didn't bothered to notify the author of delegate, since it is > impossible to make delegate secure short time (it contains over 1000 > strcpy's and over 500 sprintf's). Just don't use delegate anymore. > > > ciao, > scut / teso security > [http://teso.scene.at/] > > -- > - scut@nb.in-berlin.de - http://nb.in-berlin.de/scut/ - sacbuctd@ircnet -- > -- you don't need a lot of people to be great, you need a few great to be -- > -- the best ----------------------------------------------------------------- > --- nuclear arrival weapon spy agent remain undercover, hi echelon ---------- And exploit for it: http://www.security.nnov.ru/1999/exploits/delefate.c Time to make port BROKEN ? Serg N. Voronkov. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message