Bugtraq mailing list archives
Re: WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability
From: alun () TEXIS COM (Alun Jones)
Date: Tue, 2 Nov 1999 20:39:10 -0000
In response to Luck Martins' report of a buffer overflow in WFTPD 2.40 and 2.34, we can confirm that this error does exist. Our initial tests suggest that it is more of a 'denial-of-service' nature, rather than an exploit allowing an attacker to load their own code into memory - the access that generates the fault is overwriting a single null byte into heap space, rather than stack space. We've been working on this problem over the weekend, coinciding as it has with our intent to release a new version, 2.41, early this week. We are completing regression testing and beta testing and will be releasing the new version later today. Alun Jones President, Texas Imperial Software.
Current thread:
- Re: WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability Alun Jones (Nov 02)
- Re: WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability iarce (Nov 04)
- Re: WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability Alberto Soliņo (Nov 04)
- Palm Hotsync vulnerable to DoS attack Aviram Jenik (Nov 04)
- RealNetworks RealServer G2 buffer overflow - WORKAROUND (fwd) ah1 () SECURITYFOCUS COM (Nov 04)
- Microsoft Security Bulletin (MS99-047) Aleph One (Nov 04)
- Re-release of Microsoft Security Bulletin MS99-042 Aleph One (Nov 04)