Bugtraq mailing list archives
Re: war-ftpd 1.6x DoS
From: jgaa () JGAA COM (Jarle Aase)
Date: Thu, 3 Feb 2000 08:41:34 +0100
I can confirm that version 1.6* have a problem, as described in the initial report. Until now, the command parser in War FTP Daemon 1.6* has allowed commands up to 8 KB in size. To prevent this, and other buffer-overflow problems, this size is decreased to (MAX_PATH + 8), and an additional check is added that prevents any command argument to exceed MAX_PATH in length. A new version, 1.67-4 has been released with this modification. See http://war.jgaa.com/alert/ for download details. Jarle Aase
-----Original Message----- From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of Toshimi Makino Sent: Tuesday, February 01, 2000 8:59 AM To: BUGTRAQ () SECURITYFOCUS COM Subject: war-ftpd 1.6x DoS Hello, "war-ftpd" is very popular ftp server for Windows95/98/NT. I found DoS problem to "war-ftpd 1.6x" recently. Outline: It seems to occur because the bound check of the command of MKD/CWD that uses it is imperfect when this problem controls the directory. However, could not hijack the control of EIP so as long as I test. It is because not able to overwrite the RET address, because it seems to be checking buffer total capacity properly in 1.66x4 and later. The boundary of Access Violation breaks out among 8182 bytes from 533 bytes neighborhood although it differs by the thread that receives attack. The version that is confirming this vulnerable point is as follows. 1.66x4s, 1.67-3 The version that this vulnerable point was not found is as follows. 1.71-0
[...]
Current thread:
- Re: SyGate 3.11 Port 7323 / Remote Admin hole Brian Hampson (Jan 31)
- <Possible follow-ups>
- Re: SyGate 3.11 Port 7323 / Remote Admin hole Russ (Feb 01)
- war-ftpd 1.6x DoS Toshimi Makino (Jan 31)
- Re: war-ftpd 1.6x DoS Jarle Aase (Feb 02)
- [xforce () iss net: ISSalert: ISS E-Security Alert: Form Tampering Vulnerabilities in Several Web-Based Shopping Cart Applications] Patrick Oonk (Feb 01)
- SV: SyGate 3.11 Port 7323 / Remote Admin hole Sani Huttunen (Feb 01)
- vulnerability in Linux Debian default boot configuration Pierre Beyssac (Feb 02)
- [Debian] New version of apcd released Aleph One (Feb 02)
- Webspeed security issue George (Feb 03)
- war-ftpd 1.6x DoS Toshimi Makino (Jan 31)