Vulnerability Development mailing list archives
FTP Fuzzer
From: "infocus" <infocus () infigo hr>
Date: Sun, 13 Nov 2005 00:42:27 +0100
Hi, We have released simple and user friendly GUI FTP fuzzer tool for stress testing FTP server implementations. It is quite configurable tool, which means that you can precisely define which FTP commands will be fuzzed with the parameter size and test strings. Running this fuzzer against FTP server implementations resulted in uncovering numerous security vulnerabilities (overflows, format strings) in various FTP servers. After short period of fuzzing, fuzzer revealed buffer overflow vulnerabilities in for example: - ArgoSoft FTP Server (RNTO Unicode overflow) - Golden FTP Server (NLST overflow) - FileZilla FTP Server (MLSD) - FileZilla remote server interface (homemade protocol) - WarFTPD (various exceptions and WDM.exe overflow) You can download it from: http://www.infigo.hr/files/ftpfuzz.zip Regards, Leon Juranic
Current thread:
- FTP Fuzzer infocus (May 01)
- Re: FTP Fuzzer Alice Bryson (May 03)
- Re: FTP Fuzzer Leon Juranic (May 03)
- Re: FTP Fuzzer Alice Bryson (May 03)