[70903] in North American Network Operators' Group
Re: What HTTP exploit?
daemon@ATHENA.MIT.EDU (Paul G)
Mon May 31 11:40:46 2004
From: "Paul G" <paul@rusko.us>
To: "Mike Nice" <niceman@att.net>,
"Vinny Abello" <vinny@tellurian.com>
Cc: <nanog@merit.edu>
Date: Mon, 31 May 2004 11:36:54 -0400
Errors-To: owner-nanog-outgoing@merit.edu
----- Original Message -----
From: "Vinny Abello" <vinny@tellurian.com>
To: "Mike Nice" <niceman@att.net>
Cc: <nanog@merit.edu>
Sent: Monday, May 31, 2004 11:31 AM
Subject: Re: What HTTP exploit?
-- snip --
> I thought if it can be crashed by
> cramming too much info into a buffer before it's truncated, that's
> considered a buffer overflow. I'm no programmer and may be off base here
> but it just struck me as odd also.
it could also be a heap overflow (unless we are talking fbsd, for example).
regardless, i would be very interested in having a look at that gentleman's
apache setup to see if we can crash it reliably <g>
paul
