BlueZ SDP payload handling multiple buffer overflow vulnerabilities
Add date: 07/11/2008   Publishing date: 07/11/2008

Release date: 2008-06-16
Update date: 2008-07-08

Affected systems:
BlueZ BlueZ 3.34
Unaffected systems:
BlueZ BlueZ 3.35
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 30105
CVE(CAN) ID: CVE-2008-2374

BlueZ is the official Linux Bluetooth protocol stack.

The BlueZ SDP parsing code blindly trusts the string length field of SDP text strings in its input. If a remote attacker sends a malicious response to an SDP query, this may trigger a buffer overflow, resulting in denial of service or arbitrary code execution.

The following is the vulnerable code section in bluez-libs-3.30/src/sdp.c:

static sdp_data_t *extract_str (const void *p, int *len)
{
       char *s;
       int n;
       sdp_data_t *d = malloc(sizeof(sdp_data_t));

       memset (d, 0, sizeof(sdp_data_t));
       d->dtd = * (uint8_t *) p;
       p += sizeof(uint8_t);
       *len += sizeof(uint8_t);

       switch (d->dtd) {
       case SDP_TEXT_STR8:
       case SDP_URL_STR8:
               n = * (uint8_t *) p;  // <-- from the incoming packet
               p += sizeof(uint8_t);
               *len += sizeof(uint8_t) + n;  // <-- blindly trusted here, may advance parser past end of packet
               break;
       case SDP_TEXT_STR16:
       case SDP_URL_STR16:
               n = ntohs (bt_get_unaligned ((uint16_t *) p));  // <-- from the incoming packet
               p += sizeof(uint16_t);
               *len += sizeof(uint16_t) + n;  // <-- blindly trusted here, may advance parser past end of packet
               break;
       default:
               SDPERR ("Sizeof text string > UINT16_MAX\n");
               free(d);
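
One way to write the bounds check that the excerpt above lacks, as an added example that is not BlueZ code and not part of the original advisory. The helper name sdp_str_bounds and its bufsize parameter are hypothetical; the descriptor values are those defined in BlueZ's sdp.h, and the sample elements in main() are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Data type descriptors, values as in BlueZ's sdp.h. */
#define SDP_TEXT_STR8  0x25
#define SDP_TEXT_STR16 0x26
#define SDP_URL_STR8   0x45
#define SDP_URL_STR16  0x46

/*
 * sdp_str_bounds() is a hypothetical helper, not a BlueZ function.
 * It parses one text/URL element from buf[0..bufsize). On success it
 * returns the bytes consumed and sets *str and *slen; it returns -1 when
 * the header is truncated or the declared length exceeds what remains.
 */
static int sdp_str_bounds(const uint8_t *buf, size_t bufsize,
                          const uint8_t **str, size_t *slen)
{
    size_t lenw, n;                 /* width of length field, declared length */
    if (bufsize < 1)
        return -1;                  /* no descriptor byte */
    switch (buf[0]) {
    case SDP_TEXT_STR8:  case SDP_URL_STR8:  lenw = 1; break;
    case SDP_TEXT_STR16: case SDP_URL_STR16: lenw = 2; break;
    default: return -1;             /* not a string element handled here */
    }
    if (bufsize < 1 + lenw)
        return -1;                  /* length field itself is cut off */
    /* The length field is big-endian; read it bytewise. */
    n = (lenw == 1) ? buf[1] : ((size_t)buf[1] << 8) | buf[2];
    if (n > bufsize - 1 - lenw)
        return -1;                  /* declared length overruns the packet */
    *str = buf + 1 + lenw;
    *slen = n;
    return (int)(1 + lenw + n);
}

int main(void)
{
    /* Constructed samples: an honest element and one that lies about its length. */
    const uint8_t ok[]  = { SDP_TEXT_STR8, 3, 'a', 'b', 'c' };
    const uint8_t bad[] = { SDP_TEXT_STR8, 0xff, 'a', 'b', 'c' };
    const uint8_t *s; size_t n;
    printf("ok:  %d\n", sdp_str_bounds(ok, sizeof ok, &s, &n));
    printf("bad: %d\n", sdp_str_bounds(bad, sizeof bad, &s, &n));
    return 0;
}
```

The caller passes the number of bytes actually remaining in the received PDU as bufsize, so the length taken from the packet is compared against data that is known to exist before the parser advances.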

 
