Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: AnalogX Proxy DoS

From: Pavel Machek <pavel () UCW CZ>
Date: Sun, 30 Jul 2000 21:11:36 +0200
Hi!


Severity:               Low

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Proof of concept

        Sending an FTP "USER" command containing approximately 370 or
        more characters to the proxy server FTP TCP port 21 will crash
        it.

        Example #1: nc 192.168.1.2 21 < ftp.txt

        Where ftp.txt contains:
        "USER [long string of ~370 chars]@isp.com"


Denial of service only? It does not look so. It looks much more like
possibility to run arbitrary code on your windows machine! Or is
there specific reason why this can't be used to run arbitrary code?
                                                                Pavel
PS: It seems to me that many "Denial of Services" for windows machines
are "run arbitrary code" instead. It would be nice if people in
advisories told why their think that "run arbitrary code" is not
possible.
--
I'm pavel () ucw cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss () linmodems org
Previous By Date Next
Previous By Thread Next

Current thread: