Re: /Claimed/ remote root exploit in Pureftpd

[Jedi/Sector One <j () pureftpd org>]

On Sat, Jun 14, 2003 at 01:55:01AM +0530, Devdas Bhagat wrote:
> <dilema> PureFTPD (1.x.x) linux/x86 remote ROOT exploit.
> <dilema>
> !PRIVATE!***!PRIVATE!***!PRIVATE!***!PRIVATE!***!PRIVATE!***!PRIVATE!***!PRIVATE!
> <dilema> MUHAHAHAHA
> <dilema> lmao it's an 0-day fizewl
> <dilema> Linux/x86 PureFTPD remote exploit.
> <dilema> usage: ./pure [options]
> <dilema>         -c      remote host to connect to
> <dilema>         -o      remote port to use
> <dilema>         -u      remote username
> <dilema>         -p      remote password
> <dilema>         -i      get the password interactively
> <dilema>         -t      predefined target ("-t list" to list all
> targets)
> <dilema>         -d      writeable directory
> <dilema>         -l      shellcode address
> <dilema>         -v      debug level [0-2]
> <dilema>         -s      seconds to sleep after login (debugging
> purposes)
> <dilema>         -h      display this help

  Unless it is something totally different with exactly the same name and
the same help text, this fake 0 day is at least 6 months old. You can grab
it here : ftp://ftp.fr.pureftpd.org/misc/pureftps-fake.c

  That one relies on things that don't even exist in Pure-FTPd like CWD
globbing. Also as non-printable characters are replaced by underscores, the
shellcode should be at least changed a bit to be credible.

-- 
 __  /*-      Frank DENIS (Jedi/Sector One) <j () 42-Networks Com>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/";> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/";> Misc. free software </a>  \/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html