Dailydave mailing list archives
ProFTPD, Helix Server bugs
From: Evgeny Legerov <admin () gleg net>
Date: Thu, 23 Nov 2006 15:30:10 +0300
Hi, If you think that I never report my bugs to vendors - I do that, sometimes. Here are a few examples (probably it is worth to release a couple of advisories): https://lists.helixcommunity.org/pipermail/server-cvs/2006-June/003176.html https://helixcommunity.org/plugins/scmcvs/cvsweb.kliu.php/server/protocol/rtsp/rtspserv.cpp?cvsroot=%2F (search for "GLEG") This one was published somewhere, I reported it to proftpd team as weell. proftpd/contrib/mod_tls.c: """ ... if ((ok = X509_NAME_print_ex(mem, x509_name, 0, XN_FLAG_ONELINE))) datalen = BIO_get_mem_data(mem, &data); ### we can control datalen if (data) { memset(&buf, '\0', sizeof(buf)); memcpy(buf, data, datalen); ### plain buffer overflow here ... } """ Note: I failed to exploit this particular ProFTPD bug. -- Thanks, -Evgeny _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- ProFTPD, Helix Server bugs Evgeny Legerov (Nov 23)