Vulnerability Development mailing list archives
warftpd exploit?
From: mixter () NEWYORKOFFICE COM (Martin Ixter)
Date: Tue, 16 May 2000 21:00:12 +0300
WarFTPd 1.66 - 1.67 can be crashed due to an un-checked buffer for the CWD command, as this DoS exploit by eth0 from b0f shows. Now, it seems that the ret address can't be overwritten (so it is probably a dynamic buffer, and therefore a heap or data overflow)...

I've seen some heap overflows against ftp servers that store the ret address in the PASS command of an anonymous login (since that's allocated on the stack).. does anyone think it is possible to actually exploit warftpd with a similar technique (I'm not sure if this is a heap overflow... sorry for incorrect assumptions, but I'm not a win32 debugger :)

-Mixter
________________________
mixter () newyorkoffice com
http://1337.tsx.org

TEXT/PLAIN attachment: warftpd.c