Bugtraq mailing list archives

Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2 running on an RS6000. (power)

From: W.H.J.Pinckaers () CPEDU RUG NL (W.H.J.Pinckaers)
Date: Wed, 29 Sep 1999 13:00:32 MET


sq01 () Yorku Ca <sq01 () Yorku Ca> Wrote

Hi,


Short of disabling ftpd completely, is there a work-around that will not
affect our users ?


At this time: NO, but please make sure you are vulnerable first, we
did discover that this bug is very specific for AIX 4.3.2. (Most other
AIX versions aren't vulnerable to this particular bug)

You can check this by running something like:
perl -e 'print "A" x 5000' | nc -v -v aix 21
(effectivly sending a long string to the aix ftpd)
if this returns immediatly (ftpd dies) you are vulnerable if it returns a
lot of 500 AAAAAAA... unknown command or something like that
errors you are NOT vulnerable.

Greetz
    dvorak (@synnergy.net // @hit2000.org)

Current thread:

Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2 running on an RS6000. (power) W.H.J.Pinckaers (Sep 29)
- Updated Allaire Security Zone Bulletin and Patch Available Aleph One (Sep 29)
- Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2 Bill Pemberton (Sep 29)
- Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2 running on an RS6000. (power) Troy A. Bollinger (Sep 29)
- Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2 running on an RS6000. (power) Keith Stevenson (Sep 29)