
Re: Possible weakness in LPD protocol


> On October 02 1997, Bennett Samowich wrote:
>
> 5.) Overflow at least one buffer from the network; this is just
> above the "print any file" part of recvjob.c:
>
>                 cp = line;
>                 do {
>                         if ((size = read(1, cp, 1)) != 1) {
>                                 if (size < 0)
>                                         frecverr("%s: Lost connection",printer);
>                                 return(nfiles);
>                         }
>                 } while (*cp++ != '\n');

In this case "line" is a global variable in common_source/common.c so it
wouldn't be vulnerable to the standard stack overflow; however, there are
some other interesting variables near it that look like they could be
manipulated to create undesired effects.

- Oliver

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
   Secure Networks Incorporated.  Calgary, Alberta, Canada, (403) 262-9211
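
Added example, not part of the original message and not lpd source: a bounded version of the byte-at-a-time read loop quoted above, which refuses an overlong line instead of writing past the end of the buffer and into whatever variables sit next to it. The names read_line_bounded and demo_read and the return codes are hypothetical.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not lpd code): read one '\n'-terminated line from fd
 * a byte at a time, as the quoted loop does, but never store past buf[cap-1].
 * Returns the line length without the '\n', -1 on error or EOF before the
 * newline, -2 if the line does not fit. On failure buf is left empty. */
long read_line_bounded(int fd, char *buf, size_t cap)
{
    size_t n = 0;
    char c;

    if (buf == NULL || cap == 0)
        return -1;
    for (;;) {
        ssize_t r = read(fd, &c, 1);
        if (r < 0 && errno == EINTR)
            continue;                   /* interrupted, retry */
        if (r == 1 && c == '\n')
            break;                      /* complete line received */
        if (r != 1 || n + 1 >= cap) {   /* lost peer, or no room for byte + NUL */
            buf[0] = '\0';
            return r != 1 ? -1 : -2;
        }
        buf[n++] = c;
    }
    buf[n] = '\0';
    return (long)n;
}

/* Demo driver with constructed input: push data through a pipe, read it back. */
long demo_read(const char *data, char *buf, size_t cap)
{
    int p[2];
    long rc;

    if (pipe(p) != 0)
        return -1;
    if (write(p[1], data, strlen(data)) < 0) {
        close(p[0]); close(p[1]);
        return -1;
    }
    close(p[1]);
    rc = read_line_bounded(p[0], buf, cap);
    close(p[0]);
    return rc;
}
```

A caller would treat -2 the same way the quoted code treats a lost connection: abort the job rather than try to resynchronise on the stream.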


