_________________________________________________________________ [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] How to exploit AlephOne by JP of AntiOnline _________________________________________________________________ * To: BUGTRAQ@NETSPACE.ORG * Subject: How to exploit AlephOne by JP of AntiOnline * From: F0RMiCA * Date: Fri, 24 Apr 1998 00:28:54 -0700 * Approved-By: aleph1@DFW.NET * Reply-To: F0RMiCA * Sender: Bugtraq List _________________________________________________________________ Hello, I am bringing to your attention a very serious offense to AlephOne's First Amendment Rights and to Copyright Violation. Recently I noticed that AntiOnline Posted a "Special Report" on Buffer Exploits which is a startling resemblance to AlephOne's Article in PHRACK49 "Smashing the Stack..." Here is what i mean: JP: ----------------------- void function(char *str) { char buffer[16]; strcpy(buffer,str);} void main() { char evil[256]; int i; for(i=0;i<255;i++) evil[i] = 'A'; function(evil);} AlephOne: --------------void function(char *str) { char buffer[16]; strcpy(buffer,str);}void main() { char large_string[256]; int i; for( i = 0; i < 255; i++) large_string[i] = 'A'; function(large_string);} AND FOR MORE: JP: ----- Ok, we can tell that a typical buffer overflow exists here,the function involved uses the strcpy() function to check its bounds, instead of the safer, strncpy(). AlephOne: -------------- This is program has a function with a typical buffer overflow coding error. The function copies a supplied string without bounds checking by using strcpy() instead of strncpy(). ****************************************** I am bringing this up because there was no citation or credit given to AlephOne to *HIS* code, not JP's, and that it is a serious illegal offense, not to mention highly immoral, to steal the works of other colleagues in this field. because of this, antionline (www.antionline.com) and JP should be boycotted and even prosecuted for copyright infringement. F0RMiCA Ambient Empire http://www.thegrid.net/positron _________________________________________________________________ * Prev by Date: Re: Another Frontpage Bug, with promiscuous ScriptAliases * Next by Date: Security Hole in Netscape Enterprise Server 3.0 * Prev by thread: Flaw in HTTP-Authentication in O'Reilly Website Pro * Next by thread: Security Hole in Netscape Enterprise Server 3.0 * Index(es): + Date + Thread