Re: ebola 0.1.4 remote exploit
Please note that this has also been fixed in 0.1.5 which has been available now for well over a week (Thanks to KF's work at Snosoft).
There were many 'exploits' in version 0.1.4 due to the use of sprintf() calls throughout the codebase. These have all been changed over to the safer usage of snprintf(). Certainly there may still be more exploits in the codebase as the codebase is no longer actively maintained (apart from when I receive bug/exploit reports), hence it would only be productive to use the latest release for your hunting.
Furthermore, I believe there's a procedure and protocol for disclosure of bugs/exploits, please, I would appreciate it if in future that was used.
Regards.
--
Paul L Daniels http://www.pldaniels.com
Linux/Unix systems Internet Development
ICQ#103642862,AOL:pldsoftware,Yahoo:pldaniels73
A.B.N. 19 500 721 806
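
An added example (not taken from the ebola source or from the message above) of the sprintf() to snprintf() conversion the message describes, showing the return-value check such a conversion needs when several untrusted fields are appended to one fixed buffer. The helper `buf_appendf`, the caller `build_log_line` and the sample inputs are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Append formatted text at buf[*off]. Returns 0 on success, -1 if the
 * output did not fit; on failure the partial write is discarded and buf
 * stays NUL-terminated at the old offset. */
static int buf_appendf(char *buf, size_t size, size_t *off, const char *fmt, ...)
{
    va_list ap;
    int n;

    /* Guard first: size - *off is unsigned and would wrap if *off > size. */
    if (size == 0 || *off >= size)
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(buf + *off, size - *off, fmt, ap);
    va_end(ap);

    /* vsnprintf returns the length it WANTED to write, not what it wrote. */
    if (n < 0 || (size_t)n >= size - *off) {
        buf[*off] = '\0';
        return -1;
    }
    *off += (size_t)n;
    return 0;
}

/* Hypothetical caller: builds one line from two untrusted strings.
 * Returns the line length, or -1 if any field would have been truncated. */
int build_log_line(char *out, size_t outsz, const char *host, const char *file)
{
    size_t off = 0;

    if (buf_appendf(out, outsz, &off, "host=%s ", host) != 0) return -1;
    if (buf_appendf(out, outsz, &off, "file=%s", file) != 0) return -1;
    return (int)off;
}

int main(void)
{
    char line[32];
    /* Constructed inputs: one that fits, one oversized file name. */
    printf("%d\n", build_log_line(line, sizeof line, "mx1", "a.txt"));
    printf("%d\n", build_log_line(line, sizeof line, "mx1",
                                  "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"));
    return 0;
}
```

Replacing `sprintf(buf + len, ...)` with `len += snprintf(buf + len, size - len, ...)` and no check still lets `len` run past `size`, which is why the helper rejects truncation instead of accumulating the returned length.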