Vulnerability Development mailing list archives
Re: FTP.EXE format string vulnerability
From: Jarno Huuskonen <Jarno.Huuskonen () uku fi>
Date: Thu, 14 Jun 2001 12:48:55 +0300
On Sun, Jun 10, ByteRage wrote:
> It probably *still* doesn't matter much, but I found that the linux (Redhat 6.0 / Kernel 2.4.2) ftp client is also vulnerable to format string vulnerabilities :

This has been on vuln-dev or bugtraq earlier.

> example : site %x
>
> NOTE : about my previous post : GET should've been a command to the server, like RETR or STOR... however, whether it's a working command or not, the format string bug still occurs.
This patch might help: --- netkit-ftp-0.16/ftp/cmds.c-orig Tue Oct 3 09:05:01 2000 +++ netkit-ftp-0.16/ftp/cmds.c Tue Oct 3 09:04:26 2000 @@ -1663,7 +1663,7 @@ len += strlen(strcpy(&buf[len], argv[i])); } } - if (command(buf) == PRELIM) { + if (command("%s", buf) == PRELIM) { while (getreply(0) == PRELIM); } } I think I backported the patch from netkit-ftp-0.17 or something like that ... or just upgrade to newer netkit-ftp -Jarno -- Jarno Huuskonen - System Administrator | Jarno.Huuskonen () uku fi
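Review bot: the unchanged context line just above the fix, len += strlen(strcpy(&buf[len], argv[i]));, appends each argument into buf with no length check visible in this hunk, so passing buf through "%s" closes the format string problem but leaves the copy itself to be verified. Confirm that the surrounding loop bounds len against the size of buf, or switch the append to a bounded copy. Since command() takes a format string, it is also worth auditing its other call sites in cmds.c for user-built strings passed as the format argument.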