FW: internet insecurity - repeated human errors

Ryan Shelswell (t-ryshel@nospam.microsoft.com)
Wed, 15 Feb 95 11:16:00 -0500

Has anyone heard about this?

Ryan
----------
From: Jonathon Tidswell
To: Pty Research; Richard Buckland
Subject: internet insecurity - repeated human errors
Date: Tuesday, 14 February 1995 18:30

Using an attack identical in nature to that used on fingerd by the
internet worm, NCSA httpd (web server) has been broken.

Will people learn from past mistakes?

- JonT

PS The bug is using fixed length buffers without overflow checking
which can be overflowed thus overwriting the function return address on
the stack and executing arbitrary code embedded in the string used to
overflow the buffer.
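
The pattern described in the PS, shown beside a checked form. This is an added illustration, not part of the original message and not source from NCSA httpd or fingerd; the buffer size and all function names are constructed.

```c
#include <stdio.h>
#include <string.h>

#define REQ_BUF 256   /* constructed size, not taken from any real server */

/* The pattern from the PS: strcpy stops only at the NUL in the input, so a
 * longer request writes past buf and can overwrite the saved return address. */
void handle_unchecked(const char *request)
{
    char buf[REQ_BUF];
    strcpy(buf, request);             /* no overflow check */
    printf("serving %s\n", buf);
}

/* Bounded copy: returns 0 on success, -1 if src (terminator included) does
 * not fit in dst. Oversized input is rejected, not silently truncated. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t n;
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    for (n = 0; n < dst_size && src[n] != '\0'; n++)
        ;                             /* scan no further than dst can hold */
    if (n == dst_size) {              /* no terminator within the limit */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);          /* n + 1 <= dst_size is guaranteed here */
    return 0;
}

int handle_checked(const char *request)
{
    char buf[REQ_BUF];
    if (copy_checked(buf, sizeof buf, request) != 0) {
        fprintf(stderr, "rejected: request exceeds %d bytes\n", REQ_BUF - 1);
        return -1;
    }
    printf("serving %s\n", buf);
    return 0;
}

int main(void)
{
    char big[1001];                   /* constructed oversized request */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    handle_checked("/index.html");
    return handle_checked(big) == -1 ? 0 : 1;
}
```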