Full Disclosure mailing list archives
Working proftpd remote root exploit
From: Carl Livitt <carl () learningshophull co uk>
Date: Mon, 13 Oct 2003 17:08:32 +0000
Attached is a remote root, chroot-breaking brute-force exploit for the \n processing bug in ProFTPd 1.2.7 - 1.2.9rc2. It has been tested successfully on SuSE 8.0/8.1 & RedHat 7.2 and 8.0. Note: it is noisy and leaves a lot of mess (ie, bad uploaded text files) on the target server. It is left as an excercise for the reader to remove these or rework the exploit to do the deletion. Cheers, Haggis
Attachment:
proft_put_down.c
Description:
Current thread:
- Working proftpd remote root exploit Carl Livitt (Oct 13)
- <Possible follow-ups>
- re: Working proftpd remote root exploit chris (Oct 13)
- Re: re: Working proftpd remote root exploit Carl Livitt (Oct 13)