[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow
From: Tillmann Werner <tillmann.werner@xxxxxx>
Date: Mon, 23 Oct 2006 18:07:04 +0200

Luis,

> Tried it on Win2k3 SP1:
> C:\Documents and Settings\Administrator>%COMSPEC% /K
> "dir\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>A AAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>A AAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
> System replied:
> The filename or extension is too long.
>
>
> YEah! Buffer Overflow Windows XP SP2
>
> I Hill debug this.

What makes you think there is a buffer overflow? I'd say the 'dir' command 
reports an error for parameters beyond 256 chars. Just plain error handling, 
not a security issue, or am I missing something?

Tillmann

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow
  - From: Arnaud Jacques
- Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow
  - From: C. Hamby

References:
- Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow
  - From: Luis Alberto Cortes Zavala

Prev by Date: [Full-disclosure] [USN-368-1] Qt vulnerability
Next by Date: [Full-disclosure] [Fwd: London DEFCON meet this Wednesday - more fun with RFID!]
Previous by thread: Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow
Next by thread: Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow
Index(es):
- Date
- Thread