[12798] in bugtraq
Re: FICS buffer overflow
daemon@ATHENA.MIT.EDU (Lionman)
Wed Dec 1 14:43:51 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19991130135920.A20909@unix2.ksu.edu>
Date: Tue, 30 Nov 1999 13:59:20 -0600
Reply-To: Lionman <rohrerm@UNIX2.KSU.EDU>
From: Lionman <rohrerm@UNIX2.KSU.EDU>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.BSO.4.20.9911291455330.12102-100000@halflife.dyn.insomnia.org>; from canul@HALFLIFE.DYN.INSOMNIA.ORG on Mon, Nov 29, 1999 at 02:57:30PM -0500
I should note that FICS development has been closed since '96. I would
guess 1.7.something is the server version being used, since I didn't
have this problem and I use 1.6.2 for my server. From the work
I have done on the server, I have noticed there are many bugs in the
released sources for the server and talking about another bug is
more or less beating a dead horse. Simply, if someone is going
to run a server, a lot of work must be done to get it stable.
Michael Rohrer
On Mon, Nov 29, 1999 at 02:57:30PM -0500, canul wrote:
> While documenting the FICS (free internet chess server) protocol for
> purposes of an alternative to the xboard program, I encountered what looks
> to be a potential for attack. This vulnerability has been verified by one
> of the largest FICS-based systems, chess.net <http://www.chess.net>.
>
> The problem involves unchecked user input to a fixed-length
> string. Non-denial-of-service exploitation of the questionable code looks
> possible but not trivial, as there is not room in the buffer for shell
> code, but putting it elsewhere is certainly a possibility. I have written
> a patch that resolves the problem, in some fashion.