Bugtraq mailing list archives
Re: Possible WU-ftpd Worm ?
From: shrike () IL FONTYS NL (M.Brands)
Date: Thu, 15 Apr 1999 00:36:53 +0200
* Limitations: * * because I've used hard coded address's for system and the command, * the values wont be the same in others compilations of wu-ftpd. * so, you will need to find the address for the version * you want to exploit. * * because we are not using the stack to put our code, the exploit * will work as well against a non-executable stack patch. * * * RECOMENDATION = Please, run gdb through the wu.ftpd binary in order to * find out your "system address" (ie: print system) and write it down * so you can have more address to try - just overwrite the default addr * and choose type (3).
/* CUSTOM ADDRESS, CHANGE IT IN ORDER TO EXPLOIT ANOTHER BOX */ #define SYSADDR 0x40043194; #define EGGADDR 0x805f1dc;
I just checked my Redhat 5.2 system with wu-ftpd-2.4.2b18-2.1.rpm installed. Since the stock binary was stripped, I built a new one with the source RPM. Checking both the symbols and the source, I could not find any use of the system(3) call. That's pretty hard to exploit... I think at least the version of wu-ftpd supplied by Redhat isn't exploitable. I could however be terribly wrong. In that case I guess I'll have to find a very big rock to hide under :) Mathijs
Current thread:
- Re: Serious security holes in web anonimyzing services, (continued)
- Re: Serious security holes in web anonimyzing services Jeremey Barrett (Apr 13)
- Re: ARP problem in Windows9X/NT route () RESENTMENT INFONEXUS COM (Apr 13)
- Re: ARP problem in Windows9X/NT gandalf () POBOX COM (Apr 13)
- Re: ARP problem in Windows9X/NT route () RESENTMENT INFONEXUS COM (Apr 13)
- Re: ARP problem in Windows9X/NT Alan DeKok (Apr 13)
- Re: ARP problem in Windows9X/NT Joseph Gooch (Apr 14)
- Re: ARP problem in Windows9X/NT gandalf () POBOX COM (Apr 15)
- Possible WU-ftpd Worm ? Stu Alchor (Apr 13)
- Re: Possible WU-ftpd Worm ? Gregory A Lundberg (Apr 14)
- Re: Possible WU-ftpd Worm ? Gregory Newby (Apr 14)
- Re: Possible WU-ftpd Worm ? M.Brands (Apr 14)
- Real Media Server stores passwords in plain text Francisco M. Marzoa Alonso (Apr 14)
- Announce: Secure UNIX Programming FAQ Thamer Al-Herbish (Apr 13)
- Bugs in anonymity services Avi Rubin (Apr 13)