Bugtraq mailing list archives
ftp.exe anf tftp.exe buffer overflows
From: Max <rusmir () tula net>
Date: Thu, 27 Feb 2003 16:43:21 -0800 (PST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello there, ftp.exe and tftp.exe both have the same problem with unchecked hostname length. Description: ftp.exe and tftp.exe do not check the length of hostname parameter before passing it to gethostbyname(). This makes possible to crash them by providing a long enough (~550+ bytes) hostname string. According to Microsoft: (http://msdn.microsoft.com/library/en-us/winsock/winsock/gethostbyname_2.asp) "The gethostbyname function does not check the size of the name parameter before passing the buffer. In improperly sized name parameters, heap corruption can occur." Although it is sort of strange behaviour, it is documented. A good advice for MS developers is to read function description before using it. Both problems tested on up-to-date W2KPro. Thanks, Max. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+XrCw8mCpXsrcXpwRAvrCAKDrQ9HALqCl3w1F23xsEEgAD4is9ACg7uHC c5aVcrLBTzJ0/o4WJXsLVnM= =20xF -----END PGP SIGNATURE-----
Current thread:
- ftp.exe anf tftp.exe buffer overflows Max (Feb 28)