Vulnerability Development mailing list archives
Re: compress(vul) + ftpd(?)
From: HypH <hyphen () go2 pl>
Date: Thu, 7 Mar 2002 16:30:58 +0100
On Thu 7. March 2002 15:18, H D Moore wrote:
YES. wu-ftpd will call compress with the file name as an argument if you request the file name ending in .Z. You have to be able to write out a file name containing the shell code to exploit the bug.
The problem is that the file have to be 1100 chars long , with the shellcode within. But wu-ftpd doesn`t allow/handle so long filenames.
I mentioned the compress bug back in 1998 and again in 2000, it finally got fixed on some of the newer SuSE releases (not sure about Red Hat, I dont use it).
Compress in Red Hat 7.1 and 7.2 isnt fixed to this bug. -- +-+-+-+-+-+-+-+-+-+-+-+ Were All Born Original Most Die As Copies +-+-+-+-+-+-+-+-+-+-+-+
Current thread:
- compress(vul) + ftpd(?) HypH (Mar 05)
- Re: compress(vul) + ftpd(?) H D Moore (Mar 07)
- Message not available
- Re: compress(vul) + ftpd(?) HypH (Mar 07)
- Re: compress(vul) + ftpd(?) H D Moore (Mar 07)
- Re: compress(vul) + ftpd(?) HypH (Mar 09)
- Re: compress(vul) + ftpd(?) KF (Mar 09)
- Re: compress(vul) + ftpd(?) HypH (Mar 09)
- Re: compress(vul) + ftpd(?) HypH (Mar 07)
- Re: compress(vul) + ftpd(?) Pavel Kankovsky (Mar 09)
- Re: compress(vul) + ftpd(?) H D Moore (Mar 10)
- Re: compress(vul) + ftpd(?) Pavel Kankovsky (Mar 11)
- Re: compress(vul) + ftpd(?) H D Moore (Mar 12)
- Re: compress(vul) + ftpd(?) Gushterul (Mar 12)
- Re: compress(vul) + ftpd(?) HypH (Mar 11)