
St. Bernard Open File Manager Heap Overflow Vulnerability



ZDI-07-078: St. Bernard Open File Manager Heap Overflow Vulnerability

