eBay Looking for Allies Against Google
Vitaly Friedman writes "A report in the Wall Street Journal today talks about how eBay is looking for partners to defend against the growing threat of Google. Specifically, Google Base and the payment system in the works in Mountain View are seen as possible dangers to eBay's auctions and PayPal payment operations, says the report. Google Talk just throws some salt in the wounds by looking for a toehold in Skype's turf."
Apple OS X BOMArchiveHelper .zip Heap Overflow
When decompressing a specially crafted .zip file, the BOMStackPop() function incorrectly parses the malformed data and causes the application to crash with a segmentation fault.
Release Date:
April 19th, 2006
Severity:
Medium
Vendor:
Apple
Versions Affected:
Apple OS X 10.4.6 and prior
BOMArchiveHelper 10.4 (6.3) Build 312
Overview:
BOMArchiveHelper is the default archive file handler in Mac OS X. It runs as a service that does not have a GUI. It is invoked when double-clicking on an archived file. A heap overflow vulnerability exists within BOMArchiveHelper which allows an attacker to cause the application to crash and/or to execute arbitrary code on a targeted host.
Technical Details:
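When decompressing a specially crafted .zip file, the BOMStackPop() function incorrectly parses the malformed data and causes the application to crash with a segmentation fault.
Below, the crash is triggered on OS X (PPC) 10.4.6 within gdb: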
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x756e8897
[Switching to process 411 thread 0x3a03]
0x94498c14 in BOMStackPop ()
(gdb) bt
#0 0x94498c14 in BOMStackPop ()
#1 0x944994e4 in _copyDir ()
#2 0x944ab8fc in _copyFromPKZip ()
#3 0x94499060 in _copyDir ()
#4 0x944ab8fc in _copyFromPKZip ()
#5 0x944aa1ac in _BOMCopierCopyFromPKZip ()
#6 0x9449f270 in BOMCopierCopyWithOptions ()
#7 0x0000c8cc in ?? ()
#8 0x0000c1a0 in ?? ()
#9 0x00007360 in ?? ()
#10 0x00005938 in ?? ()
#11 0x928d46d4 in forkThreadForFunction ()
#12 0x9002b200 in _pthread_body ()
(gdb) disas BOMStackPop
Dump of assembler code for function BOMStackPop:
0x94498c08 : mr. r3,r3
0x94498c0c : li r11,0
0x94498c10 : beq- 0x94498c3c
0x94498c14 : lwz r2,8(r3)
0x94498c18 : cmpwi cr7,r2,0
0x94498c1c : ble- cr7,0x94498c3c
0x94498c20 : addi r2,r2,-1
0x94498c24 : lwz r9,0(r3)
0x94498c28 : li r0,0
0x94498c2c : stw r2,8(r3)
0x94498c30 : rlwinm r2,r2,2,0,29
0x94498c34 : lwzx r11,r2,r9
0x94498c38 : stwx r0,r2,r9
0x94498c3c : mr r3,r11
0x94498c40 : blr
End of assembler dump.
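For crash triage, the listing above can be read back into C. The following is an added reconstruction, not Apple's source and not part of the original advisory: the struct and function names are hypothetical, and the field at offset 4 is an assumption because BOMStackPop never touches it. It shows that the only validation is a NULL test, so a corrupted non-NULL stack pointer reaches the load at 0x94498c14, and that the faulting address in the trace is that pointer plus 8.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout; the offsets are those of the 32-bit PPC listing. */
struct bom_stack {
    void   **items;    /* offset 0: lwz r9,0(r3) */
    int32_t  unknown;  /* offset 4: not used by BOMStackPop (assumed field) */
    int32_t  count;    /* offset 8: lwz r2,8(r3) */
};

/* C equivalent of the disassembly, with instruction addresses per step. */
void *bom_stack_pop(struct bom_stack *s)
{
    void *top = NULL;              /* 0x94498c0c: li r11,0 */
    if (s == NULL)                 /* 0x94498c08/0x94498c10: only NULL is rejected */
        return top;
    int32_t n = s->count;          /* 0x94498c14: the faulting load in the trace */
    if (n <= 0)                    /* 0x94498c18/0x94498c1c */
        return top;
    n -= 1;                        /* 0x94498c20 */
    s->count = n;                  /* 0x94498c2c */
    top = s->items[n];             /* 0x94498c30/0x94498c34: scale by 4, lwzx */
    s->items[n] = NULL;            /* 0x94498c38: stwx clears the popped slot */
    return top;                    /* 0x94498c3c/0x94498c40 */
}

/* The load is 8(r3), so the pointer passed in r3 is the fault address - 8. */
uint32_t stack_ptr_from_fault(uint32_t fault_addr)
{
    return fault_addr - 8u;
}

int main(void)
{
    int a = 1, b = 2;                        /* constructed sample data */
    void *slots[4] = { &a, &b, NULL, NULL };
    struct bom_stack s = { slots, 4, 2 };
    void *popped = bom_stack_pop(&s);
    printf("popped %s, count now %d\n", popped == &b ? "&b" : "?", (int)s.count);
    /* KERN_INVALID_ADDRESS value taken from the gdb session above */
    printf("r3 at crash = 0x%08x\n", (unsigned)stack_ptr_from_fault(0x756e8897u));
    return 0;
}
```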
Solution:
This vulnerability was reported to Apple on 2/21/2006. No patch is available at this time.
Discovered by:
Tom Ferris
tommy[at]security-protocols[dot]com
Related Links:
http://www.security-protocols.com/poc/sp-x25.zip
http://www.security-protocols.com/sp-x25-advisory
http://www.apple.com/macosx/
Copyright (c) 2006 Security-Protocols.com
Well being a feminist doesn't mean you don't like sex, or that you have to be a prude. Just the opposite in fact. And being a mom doesn't mean your sex life is over. I am only 28 after all.