HC's Capture the Flag website
CTF Contests
25C3-CTF
25C3-CTF final results
Advisory #111
From team Ailuropoda Melanoleucas
New advisory by : Samsa
Affected service(s): tcpserver
Severity [lmh] : medium
===== Problem =====
Boundary condition problem in remoteinfo.c can make a remote service to crash
with big buffers, this is done with stralloc_append(out,&ch)
To exploit this, a 113/tcp may be listening when connect to the 1353/tcp
then three : will be needed to enter in the vulnerable code.
===== Impact =====
Denial of theserver, remote process crash.
===== Fix =====
control the for(;;) limit not only with \n termination byte.
Rating
[0] stralloc_append does bounds checking