Re: [twsocket] Buffer overflow in SMTP
On Mar 16, 2007, at 15:51, David Colliver wrote: It certainly looks like email addresses. I know that 4000 bytes are unusual but this is how a lot of software tends to suffer from exploits like this, as 4000 bytes is not regularly tested for. Its the responsibility of the application to check for buffer allocation, not the component. The component is built to take what you give it. dZ. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Buffer overflow in SMTP
David Colliver wrote: Hi Piotr, I just happened to come across the vulnerability as someone has reported it on many security websites. Any links? BTW: You talked about client components ( SMTP or POP3 ? ), targets of buffer overflow-attacks usually are servers, otherwise the server was the attacker. -- Arno Garrels [TeamICS] http://www.overbyte.be/eng/overbyte/teamics.html -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be