Bugtraq mailing list archives
Re: AnalogX Proxy DoS
From: Pavel Machek <pavel () UCW CZ>
Date: Sun, 30 Jul 2000 21:11:36 +0200
Hi!
Severity: Low
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Proof of concept

Sending an FTP "USER" command containing approximately 370 or more characters to the proxy server FTP TCP port 21 will crash it.

Example #1:

nc 192.168.1.2 21 < ftp.txt

Where ftp.txt contains:

"USER [long string of ~370 chars]@isp.com"
Denial of service only? It does not look so. It looks much more like a possibility to run arbitrary code on your Windows machine! Or is there a specific reason why this can't be used to run arbitrary code?

Pavel

PS: It seems to me that many "Denial of Services" for Windows machines are "run arbitrary code" instead. It would be nice if people in advisories told why they think that "run arbitrary code" is not possible.

--
I'm pavel () ucw cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss () linmodems org
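
Added example, not part of the original message and not AnalogX Proxy's code: one way a proxy could parse the `USER name@host` line quoted in the advisory with every length checked before anything is copied into a fixed-size buffer. The function name, buffer limits, return codes and the choice to split at the first `@` are assumptions; the thread does not say how the proxy actually handles this input.

```c
#include <stdio.h>
#include <string.h>

#define MAX_USER 64    /* assumed limits, not taken from the proxy */
#define MAX_HOST 255

enum { PARSE_OK = 0, PARSE_NOT_USER = -1, PARSE_TOO_LONG = -2, PARSE_MALFORMED = -3 };

/* Split "USER name@host\r\n" into fixed-size buffers, checking every
 * length before copying. A hypothetical unchecked version would do
 * strcpy(user, line + 5) and write past the buffer on long input. */
int parse_proxy_user(const char *line, char user[MAX_USER + 1],
                     char host[MAX_HOST + 1])
{
    if (strncmp(line, "USER ", 5) != 0)
        return PARSE_NOT_USER;
    const char *arg = line + 5;
    size_t arg_len = strcspn(arg, "\r\n");       /* stop at end of line */
    const char *at = memchr(arg, '@', arg_len);  /* first '@' (assumption) */
    if (at == NULL)
        return PARSE_MALFORMED;
    size_t user_len = (size_t)(at - arg);
    size_t host_len = arg_len - user_len - 1;
    if (user_len == 0 || host_len == 0)
        return PARSE_MALFORMED;
    if (user_len > MAX_USER || host_len > MAX_HOST)
        return PARSE_TOO_LONG;                    /* reject, never truncate */
    memcpy(user, arg, user_len);
    user[user_len] = '\0';
    memcpy(host, at + 1, host_len);
    host[host_len] = '\0';
    return PARSE_OK;
}

int main(void)
{
    char user[MAX_USER + 1], host[MAX_HOST + 1];
    char line[512];                               /* constructed sample input */
    memset(line, 'A', sizeof line);
    memcpy(line, "USER ", 5);
    strcpy(line + 5 + 370, "@isp.com\r\n");       /* 370-character user part */
    printf("long:  %d\n", parse_proxy_user(line, user, host));
    printf("short: %d\n", parse_proxy_user("USER anonymous@isp.com\r\n", user, host));
    return 0;
}
```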