Re: ftp.exe buffer overflow ?

[Lord Soth <hydrax () NETVISION NET IL>]

Sorry, but I get a 501 permission denied when I issue that.
I've connected to ServU 2.5 for the purpose, using ftp.exe
on Win98.

Eli

Riley Hassell wrote:

> That problem was discussed a while ago with the unix/linux ftp clients. It's
> very
> interesting that Microsoft's ftp client has a similiar problem. ;)
>
> Possibly a format bug.
>
> --After reviewing it it looks like there is also a standard overflow.
> 'quote site exec <Ax1000>' overwrote the EIP =)
>
> ----- Original Message -----
> From: "cyber_hunter" <cyber_hunter () LINUXBR COM BR>
> To: <VULN-DEV () SECURITYFOCUS COM>
> Sent: Saturday, February 10, 2001 11:44 PM
> Subject: ftp.exe buffer overflow ?
>
> > While I was reading something about wu-ftp I found an interesting buffer
> > overflow on ftp.exe ,
> > first logon on any ftp server ( any ), then :
> >
> > quote site exec %s%s%s%s%s%s
> >
> > ( this will work even if server doesn't support site exec )
> >
> > and :  "ftp caused an invalid page fault in module MSVCRT.DLL ..."
> >
> > I don't know if an exploit can be made , and if this would be used for
> > something.
> > ps: I have not tried with any ftp client .