CVE-1999-0847: 'Re: FICS buffer overflow' - MARC

[prev in list] [next in list] [prev in thread] [next in thread] List: bugtraq Subject: Re: FICS buffer overflow From: Lionman <rohrerm () UNIX2 ! KSU ! EDU> Date: 1999-11-30 19:59:20 [Download RAW message or body]

I should note that FICS development has been closed since 96. I would guess 1.7.something is the server version being used since I didn’t have this problem and I use 1.6.2 for my server. From the work I have done on the server, I have noticed there are many bugs in the released sources for the server and talking about another bug is more or less beating a dead horse. Simply, if someone is going to run a server, a lot of work must be done to get it stable.

Michael Rohrer

On Mon, Nov 29, 1999 at 02:57:30PM -0500, canul wrote:

While documenting the FICS (free internet chess server) protocol for purposes of an alternative to the xboard program, I encountered what looks to be a potential for attack. This vulnerability has been verified by one of the largest fics based systems, chess.net http://www.chess.net\.

The problem involves unchecked user input to a fixed length string. Non-denial of services exploitation of the questionable code looks possible but not trivial, as there is not room in the buffer for shell code, but putting it elsewhere is certainly a possibility. I have written a patch that resolves the problem, in some fashion.

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic