Vulnerability Development mailing list archives

Re: iis (ftp) 4.0

From: Juliano Rizzo <julianorizzo () CIUDAD COM AR>
Date: Tue, 1 Aug 2000 02:01:22 -0300

ftp> quote cd
%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f
%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f
421 Service not available, remote server has closed connection
ftp>


A lot of ftp clients have the user supplied format string bug in the
QUOTE command. You should use telnet, netcat or any other
client to test this kind of bugs
Btw the ftp server command to change current directory is CWD
not CD, cd is a client command and you are using quote.


I tought it was very weird and also I couldnt state if the ftpd really
coredump.. but I know it stays at least up because I can reconnect to


Are you sure that you can't reconnect?

the host. I have a theory that it core-dumps because of the client, and not
because of the server itself...


Yes, the client crash.

--
Juliano Rizzo <julianorizzo () ciudad com ar>

[Llave PGP disponible en servidores]
PGP DH/DSS 1024/2048 Fingerprint:
0739 CA21 677F E847 4D8C  720D E5C1 2329 0344 3CD6

Current thread:

iis (ftp) 4.0 Guilherme Mesquita (Aug 01)
- Re: iis (ftp) 4.0 Renaud Deraison (Aug 02)
- Re: iis (ftp) 4.0 Marc Maiffret (Aug 02)
- Re: iis (ftp) 4.0 3APA3A (Aug 02)
- Re: iis (ftp) 4.0 Michal Zalewski (Aug 02)
- Re: iis (ftp) 4.0 Juliano Rizzo (Aug 02)