Bugtraq mailing list archives
Local exploit for TrollFTPD-1.26
From: zen-parse <zen-parse () gmx net>
Date: Mon, 13 Aug 2001 15:22:22 +1200 (NZST)
Affects: TrollFTPD 1.26 (probably earlier) Severity: local users can gain root access. Fix: upgrade to TrollFTPD-1.27 Fix URL: ftp://ftp.trolltech.com/freebies/ftpd/troll-ftpd-1.27.tar.gz Description: An error in the handling of recursive directory listings can result in an exploitable buffer overflow. Exploit: (offsets are for one machine. not guaranteed to work on any others.) Run the program, ftp localhost <in ftp> (your username) (your password) cd /tmp ls -R <out of ftp> Connect to port 10000 with nc Be nice. -- zen-parse -- ------------------------------------------------------------------------- The preceding information, unless directly posted by zen-parse () gmx net to an open forum is confidential information and not to be distributed (without explicit permission being given by zen-parse () gmx net). Legal action may be taken to enforce this. If you are mum or dad, this probably doesn't apply to you.
Attachment:
trock.c
Description: TrollFTPD exploit
Current thread:
- Local exploit for TrollFTPD-1.26 zen-parse (Aug 12)
- <Possible follow-ups>
- Re: Local exploit for TrollFTPD-1.26 Jedi/Sector One (Frank DENIS) (Aug 13)