Vulnerability Development mailing list archives
Re: ProFTPD 1.2.2rc3 Remote Server Vulnerability
From: "U dong-houn" <xploit () hackermail com>
Date: Wed, 05 Dec 2001 16:55:33 +0800
Have ever experienced such work before me. At that time, as well as Proftpd, by format string limitation that is found in wu-ftpd and so on, was mistaking. It is that is client limitation that was stupid justly. Format string bug happens in ftp client by source. Can see this now.

bash-2.04$ ftp 127.0.0.1
Connected to 127.0.0.1.
...
Name (127.0.0.1:x82): x82
331 Password required for x82.
Password:
230 User x82 logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
...
ftp> site AAAA%x%x%x%x%x%x%x%x%x%x
500 'SITE AAAA806C1A527FA805164828057650BFFFE9C4BFFFC190455449534141412025782541' not understood.
ftp> quote AAAA%x%x%x%x%x%x%x%x%x%x
500 AAAA806C1A627FF805164828057650BFFFE9C4BFFFC190414141417825782578257825 not understood.
ftp> site AAAA%x%x%x%x%x%x%x%x%n
Segmentation fault (core dumped)
bash-2.04$

Stupid ftp client program may have to be re-formed. Desire there is no mistake ...
If use a debugging tool, can see that have been expired in client.

--
by Xpl017Elz

P.S: Always so ... Sorry. I gave up original English. Study English since next time. So, make understood other people. Thank you for reading unwise writing. ^-^*

--
Powered by Outblaze
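An added illustration, not part of the original post and not code from any ftp client: if the client expands the directives in the server's reply, as the session above suggests, the usual cause is passing that reply to a printf-family function as the format string. The function names and the sample reply below are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names; not taken from any real ftp client source. */

#ifdef SHOW_VULNERABLE
/* Unsafe pattern (not compiled by default): the server's reply is used as
 * the format string, so "%x" reads stack words and "%n" writes to memory. */
static int show_reply_unsafe(char *out, size_t n, const char *reply)
{
    return snprintf(out, n, reply);
}
#endif

/* Safe pattern: the reply is data, passed as an argument to a fixed format. */
int show_reply_safe(char *out, size_t n, const char *reply)
{
    return snprintf(out, n, "%s", reply);
}

/* Count printf conversion directives in untrusted text. "%%" is a literal
 * percent sign and is skipped. Useful for flagging odd replies in logs. */
int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0')
            count++;
    }
    return count;
}

int main(void)
{
    /* Constructed reply modelled on the 500 response in the session above. */
    const char *reply = "500 'SITE AAAA%x%x%x%n' not understood.";
    char line[128];

    show_reply_safe(line, sizeof line, reply);
    printf("%s\n(directives seen: %d)\n", line, count_directives(reply));
    return 0;
}
```

Building with `-Wformat -Wformat-security` (GCC or Clang) flags the unsafe call when `SHOW_VULNERABLE` is defined.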