I will reply to you privately, given the sensitivity of this problem. Please
expect a response from me.
Thanks,
Doug
Doug Mehus (doug@...)
Executive Director
The Palace Legacy Project
http://www.palacechat.us/
----- Original Message -----
From: "DollieGirl" <dolliegirl@...>
To: <palace-pserver@yahoogroups.com>
Sent: Monday, September 15, 2003 4:39 AM
Subject: [palace-pserver] buffer overflow vulnerabilities?
Greetings,
Does anyone know of any history of buffer overflow vulnerability
attacks against palace server?
Twice within the last week, I have tried to log in to my hosted
palace, only to find the god password has been changed. I did not
change the password, my host did not change the password. There are
no password changes indicated in the log.
However... what I do see in the log - over the course of the week -
is that one particular person keeps spawning instant palace session
after instant palace session after instant palace session...
They keep doing this even after the server has noted that the maximum
number of duplicate IP address sessions permitted has been exceeded.
Other than these attempts, the person never tries to log on, they
don't spend any time actually chatting, they have no history of
having been a regular visitor.
I confess I have not yet gotten my CISSP but I do have a few years of
infosec training and work on my resume, so it seems to me that the
behavior patterns indicate an attempt to exploit a buffer overflow
vulnerability.
I don't know if those attempts are related to the god password having
been changed, but it appears to be a likely cause.
Any ideas along either path? Of god passwords mysteriously changing,
or of people attempting to use excessive instant palace sessions to
achieve a buffer overflow, and thereby giving them access to the
server?
I have banned the person in question, but no doubt if they are
serious about what they are trying to do, they will probably just get
themselves a fresh IP address and try it again...
Ideas, thoughts, info will be much appreciated.
(please use elf_spirit@... or dollieden@... if you
want to reply to me personally rather than to the group, I shut down
my dolliegirl@... email address several weeks ago as I
grew tired of waiting on Norton's to filter through hundreds of
Blaster-related emails - Norton's does a good job getting rid of it,
but you still have to wait while it does its thing)
Blessings and *hugs*
DollieGirl
elf_spirit@...
mycartoondolls.palacebox.com : 9999
*hugs*