Re: lame ms-ftp large file creation bug

["Dave Korn" <davek_throwaway () hotmail com>]

----- Original Message -----
From: "wirepair" <wirepair () roguemail net>
To: <vuln-dev () securityfocus com>
Sent: Sunday, November 09, 2003 12:45 AM
Subject: lame ms-ftp large file creation bug


> lo all,
> bug or feature:

 Defined feature of the FTP protocol, and should in no way be unique to MS. 
 Do you understand what REST does?  It tells the server that you're sending 
*part* of a file, starting from your chosen position within the file.  In 
this case you tell it that you're sending part of an enormous file, starting 
from the 99999999999999999th byte.  When it starts to receive the data you 
send, it tries to create a file that size and start appending the data at 
that position.  Ok, somewhere along the line, the value gets incorrectly 
limited to 2gig (signed int maths), but basically the ftp server is doing 
exactly what you were crazy enough to ask it to!

     DaveK

_________________________________________________________________
It's fast, it's easy and it's free. Get MSN Messenger today! 
http://www.msn.co.uk/messenger