Re: false alarm: query cgi problem
daemon@ATHENA.MIT.EDU (der Mouse)
Fri Jan 10 16:58:40 1997
Date: Fri, 10 Jan 1997 12:03:22 -0500
Reply-To: der Mouse <mouse@Holo.Rodents.Montreal.QC.CA>
From: der Mouse <mouse@Holo.Rodents.Montreal.QC.CA>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
> For anyone who cares, the buffer overflow in the query cgi is not
> exploitable. This is because the exploit requires 21,000+ bytes, and
> the maximum size for a URL is 1024 bytes. That is how it is defined
> in the RFC.
That doesn't necessarily mean it's not exploitable; it depends on what
the web server in question does with URLs that violate the RFC. If the
web server truncates, dumps the request, or something similar, you're
okay - but if it is liberal in what it accepts and is willing to handle
URLs 21K long, you could still be in trouble.
der Mouse
mouse@rodents.montreal.qc.ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
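The distinction der Mouse draws (a server that drops over-long request lines versus one that passes them through to the CGI) is the whole question of whether the 1024-byte figure protects anything. The following request-line check is an added illustration, not code from the thread or from any server of the time; it assumes the 1024-byte limit as the server's own cap and uses a constructed 21,000-byte query string for comparison.

```c
#include <stdlib.h>
#include <string.h>

/* Cap on the request-target; 1024 is the figure quoted in the thread.
 * Whether the server enforces such a cap decides how much of a long
 * URL ever reaches the CGI program behind it. */
#define MAX_URL_LEN 1024

enum url_verdict { URL_OK = 0, URL_TOO_LONG = 1, URL_MALFORMED = 2 };

/* Copy the request-target out of a line like
 * "GET /cgi-bin/query?name=x HTTP/1.0". Fails closed: an over-long
 * target is never copied, so the request can be dropped ("truncates
 * or dumps the request") instead of being handed to the CGI. */
enum url_verdict extract_url(const char *line, char *out, size_t out_size)
{
    const char *start = strchr(line, ' ');
    if (start == NULL) return URL_MALFORMED;
    start++;
    const char *end = strchr(start, ' ');
    if (end == NULL) return URL_MALFORMED;
    size_t len = (size_t)(end - start);
    if (len > MAX_URL_LEN || len + 1 > out_size) return URL_TOO_LONG;
    memcpy(out, start, len);
    out[len] = '\0';
    return URL_OK;
}

/* Wrapper with a local buffer sized exactly to the cap. */
enum url_verdict check_line(const char *line)
{
    char url[MAX_URL_LEN + 1];
    return extract_url(line, url, sizeof url);
}

/* Constructed input: a request line whose query string is query_len
 * bytes of 'A'. Lets a normal query be compared against the 21,000-byte
 * size mentioned in the thread. */
enum url_verdict check_query_of_length(size_t query_len)
{
    const char *prefix = "GET /cgi-bin/query?";
    const char *suffix = " HTTP/1.0\r\n";
    size_t plen = strlen(prefix);
    char *line = malloc(plen + query_len + strlen(suffix) + 1);
    if (line == NULL) return URL_MALFORMED;
    memcpy(line, prefix, plen);
    memset(line + plen, 'A', query_len);
    strcpy(line + plen + query_len, suffix);
    enum url_verdict v = check_line(line);
    free(line);
    return v;
}
```

A server without the length test simply copies the full target, which is the "liberal in what it accepts" case the post warns about.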