[AWS] buffer overflow ??

Darren New dnew@san.rr.com
Fri, 09 Apr 2004 08:56:45 -0700

Previous message: [AWS] buffer overflow ??
Next message: [AWS] buffer overflow?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

 > There is a buffer overflow in ADA image server when you send
 > a GET request following by 2.112 characters.
 > A cracker may exploit this vulnerability to make your web
 > server crash continually or even execute
 > arbirtray code on your system.

Wouldn't the range checking in Ada prevent this sort of stack-smashing 
code from working? I can see where something like this could raise an 
exception, and where if your code doesn't handle exceptions well it 
could crash the server, but I must admit I don't understand Ada well 
enough to know why a buffer overflow would lead to arbitrary code 
execution, unless you've explicitly turned off range checking for some 
reason.

Can someone enlighten me?

-- 
Darren New, San Diego CA USA (PST)
   I am in geosynchronous orbit, supported by
   a quantum photon exchange drive....

Previous message: [AWS] buffer overflow ??
Next message: [AWS] buffer overflow?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]