On Sat, 24 Aug 2002, Marc G. Fournier wrote:
> On 24 Aug 2002, Neil Conway wrote:
>
> > "Marc G. Fournier" <scrappy@hub.org> writes:
> >
> > > On 23 Aug 2002, Neil Conway wrote:
> > > > The datetime overrun does not require the ability to connect to
> > > > the database.
> > >
> > > Ack ... obviously I missed something, but, if you can't get a
> > > connection to the database, how exactly is this one triggered? :(
> >
> > If the application is accepting datetime input from the user ('what's
> > your birthday?', for example), and isn't doing some non-obvious input
> > validation on it (namely, checking that the input string isn't too
> > long), you can crash the backend. Gavin says executing arbitrary code
> > using the hole would be extremely difficult, but it's at least
> > conceivable.
>
> Right, but you have to get a connection to the backend in order to crash
> it ... no?

And what are the odds your application is going to bomb due to a buffer
overflow before it even gets to the database? I can see maybe with PHP,
but a web form should always be length limited.

Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH email: vev@michvhf.com http://www.pop4.net 56K Nationwide Dialup from $16.00/mo
atPop4 Networking http://www.camping-usa.com http://www.cloudninegifts.com http://www.meanstreamradio.com
http://www.unknown-artists.com
==========================================================================
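
The input check Neil describes, enforced by the application before the value is handed to the database, as an added example that is not part of the original thread. The 32-character bound, the accepted formats and the function names are assumptions chosen for illustration, not values taken from PostgreSQL.

```python
from datetime import datetime

# Assumption: application-chosen bound, not a limit taken from PostgreSQL.
MAX_DATETIME_LEN = 32
# Assumption: the only input layouts this hypothetical application accepts.
ACCEPTED_FORMATS = ("%Y-%m-%d %H:%M:%S", "%Y-%m-%d", "%m/%d/%Y")


class InvalidDatetime(ValueError):
    """Raised when user-supplied datetime text is rejected."""


def clean_datetime(raw):
    """Return a canonical 'YYYY-MM-DD HH:MM:SS' string or raise InvalidDatetime.

    Only the canonical string is ever passed on as a query parameter, so the
    backend's datetime parser never sees the raw user input.
    """
    if not isinstance(raw, str):
        raise InvalidDatetime("not a string")
    # Length check comes first, before any parsing work is done.
    if len(raw) > MAX_DATETIME_LEN:
        raise InvalidDatetime("too long")
    text = raw.strip()
    if not text.isascii() or not text.isprintable():
        raise InvalidDatetime("unexpected characters")
    for fmt in ACCEPTED_FORMATS:
        try:
            parsed = datetime.strptime(text, fmt)
        except ValueError:
            continue
        return parsed.isoformat(sep=" ")
    raise InvalidDatetime("unrecognised format")


def check(raw):
    """Return (True, canonical) on success or (False, reason) on rejection."""
    try:
        return True, clean_datetime(raw)
    except InvalidDatetime as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the thread.
    for sample in ("1975-03-09", "03/09/1975", "yesterday", "1" * 5000):
        print(repr(sample[:20]), check(sample))
```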