Andrew Piskorski wrote:
On Mon, Nov 24, 2003 at 10:19:05AM -0500, Dave Aitel wrote:
This is someone brute forcing the remote heap overflow in AolServer.
Is this bug documented somewhere? Could it be one of these two?
http://sourceforge.net/tracker/?group_id=3152&atid=103152&func=detail&aid=229071
http://sourceforge.net/tracker/?group_id=3152&atid=103152&func=detail&aid=435552
--
Andrew Piskorski <[EMAIL PROTECTED]>
http://www.piskorski.com/
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of
your email blank.
I don't know what those are, but it's not in those files. It's mostly in
driver.c. It's related to the "DoS" that was reported last week in 3.4
with a 2 Gig file, if you remember that message. AOLServer usually has
a great reputation for security, but the 4.0 release didn't get a SPIKE
run over it until recently, I suspect.
Dave Aitel
Immunity, Inc.
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of
your email blank.