Re: [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC
From: Alberto Garcia Hierro <tcpdevil@xxxxxxxxxxxxxx>
Date: Fri, 31 Dec 2004 19:09:02 +0100
In-reply-to: <20041230233921.2776.qmail@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20041230233921.2776.qmail@xxxxxxxxxxxxxxxxxxxxx>
User-agent: KMail/1.7.2

El Viernes, 31 de Diciembre de 2004 00:39, houseofdabus HOD escribió:
> ---snip---
> /* HOD-ms04031-netdde-expl.c: 2004-12-30: PUBLIC v.0.2
>  *
>  * Copyright (c) 2004 houseofdabus.
>  *
>  * (MS04-031) NetDDE buffer overflow vulnerability PoC
 I needed to add a few lines to build it on Linux. Here is the diff:

@@ -11,6 +11,9 @@
 #include <sys/types.h>
 #include <netinet/in.h>
 #include <sys/socket.h>
+#include <netdb.h>
+#define Sleep(x) sleep(x)
+#define closesocket(x) close(x)
 #endif


Regards,
 Alberto

-- 
/* Alberto García Hierro (Skyhusker) */

Attachment: pgp5YbFXbr9n0.pgp
Description: PGP signature

Follow-Ups:
- Re: [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC
  - From: Steve Friedl

References:
- [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC
  - From: houseofdabus HOD

Prev by Date: ArGoSoft FTP Server reveals valid usernames and allows for brute force attacks
Next by Date: [SECURITY] [DSA 621-1] New CUPS packages fix arbitrary code execution
Previous by thread: [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC
Next by thread: Re: [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC
Index(es):
- Date
- Thread