Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Hacking Techniques :: subsev-1.htm

SubSeven 2.1a Buffer Overflow BKI:



Vulnerability

    SubSeven

Affected

    SubSeven 2.1a

Description

    Andrew Griffiths found following.   There is a buffer overflow  in
    Subseven 2.1a.  It happens when  you tell the server to execute  a
    dos command > 315  chars long.  Depending  on how long it  is, you
    can get it to  quit quietly (not sure  how long) plain crash  (eip
    not written over) or trash every variable there. (Around 4000?)

    An interesting side effect seems  to be that stops connections  to
    139.   The default  install port is 27374, (assuming  no password)
    type DOS xxxxx(lot's x's)xxxxx and the connection should drop.

Solution

    Nothing yet.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH