Bugtraq mailing list archives

Re: Buffer Overflow in Broker FTP Server

From: Knud Erik Højgaard <kain () ircop dk>
Date: Tue, 8 Apr 2003 19:26:58 +0200

subj wrote:

Product : Broker FTP Server
Version : 5.0
OSystem : Windows
Authors : TransSoft
WebSite : http://www.ftp-broker.com
Problem :
        * Buffer Overflow in field CWD

[snip]

To arrange overflow in field CWD, necessary to send on it more than
256 bytes of dust.
After that server will fall, and will not submit any life attributes.


Tested on brokerftp 5.0 on win2ksp3, unconfirmed. The current session will
indeed hang, but no access violation or the likes, and the server still
answers new session initialisations?. Various bufferlengths tried, your 256
and up ti appx. 4000.

--
Knud Erik Højgaard

Current thread:

Buffer Overflow in Broker FTP Server subj (Apr 01)
- Re: Buffer Overflow in Broker FTP Server Knud Erik Højgaard (Apr 09)