[24396] in bugtraq


Re: Cert Advisory 2002-03 and HP JetDirect

daemon@ATHENA.MIT.EDU (david evlis reign)
Sat Feb 23 10:53:54 2002

From: "david evlis reign" <davidreign@hotmail.com>
To: bugtraq@securityfocus.com
Date: Fri, 22 Feb 2002 10:14:20 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F56aLI9mK6PYzDabigP00014971@hotmail.com>

As an interesting side note, Ethereal (a popular open source sniffer /
traffic analyzer) crashes every time it sees this packet also. It gives the
error "GLib-ERROR **: could not allocate -1 bytes aborting...".

this caught my attention for two reasons.
my probably wrong explanation for this is the following:
1) mangled packet sent, containing some large values (no idea what)
2) ettercap receives and processes this saying that int whatever = <large value from packet>
3) int returns unsigned, classic integer overflow style.
4) passed to malloc as an unsigned value, malloc shits itself.
5) ettercap spits out can't allocate <whatever> bytes.

possibly exploitable (heap + int == hard ;))

someone prove me wrong _please_
davidr
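
The length-handling failure discussed in this message, as an added example that is not part of the original post and is not Ethereal's code: a length field from a packet is stored in a signed int, becomes -1, and reaches the allocator as a huge unsigned size, shown beside a bounds-checked version. The record format (4-byte big-endian length, then payload), the sample bytes and the function names are assumptions made for illustration; the post does not identify the field involved.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample records: 4-byte big-endian length, then payload. */
static const uint8_t BAD_PKT[]  = {0xFF, 0xFF, 0xFF, 0xFF, 'A', 'B'};
static const uint8_t GOOD_PKT[] = {0x00, 0x00, 0x00, 0x02, 'A', 'B'};

/* Hypothetical helper: read the length field at the start of a record. */
static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unsafe pattern: the wire value is stored in a signed int, so 0xFFFFFFFF
 * becomes -1 on two's-complement platforms; converting -1 to size_t for the
 * allocator gives SIZE_MAX. Returns the size that would be requested. */
size_t naive_alloc_request(const uint8_t *pkt) {
    int len = (int)read_be32(pkt);
    return (size_t)len;
}

/* Hardened pattern: keep the length unsigned and reject any value larger
 * than the bytes actually present after the header. Returns a malloc'd copy
 * of the payload (caller frees), or NULL if the record is malformed. */
uint8_t *safe_copy_payload(const uint8_t *pkt, size_t pkt_len, size_t *out_len) {
    if (pkt_len < 4) return NULL;
    uint32_t len = read_be32(pkt);
    if (len > pkt_len - 4) return NULL;
    uint8_t *buf = malloc(len ? len : 1);
    if (buf == NULL) return NULL;
    memcpy(buf, pkt + 4, len);
    *out_len = len;
    return buf;
}

int main(void) {
    size_t n = 0;
    printf("naive request: %zu bytes\n", naive_alloc_request(BAD_PKT));
    printf("bad record accepted: %s\n",
           safe_copy_payload(BAD_PKT, sizeof BAD_PKT, &n) ? "yes" : "no");
    uint8_t *p = safe_copy_payload(GOOD_PKT, sizeof GOOD_PKT, &n);
    printf("good record: %zu payload bytes\n", n);
    free(p);
    return 0;
}
```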