Full Disclosure mailing list archives

Re: WFTPD Pro Server 3.23 Buffer Overflow

From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa () pacbell net>
Date: Tue, 07 Nov 2006 18:38:39 -0800

And did you email the vendor first?

mailto:bugs () texis com

It's listed on his page you know... and have you given them a chance to 
fix it or are you "too lazy" to give a vendor a chance to fix things 
first before you full-disclosure them?

There are some vendors that yeah.. it's hard to argue that they've not 
been given enough time to fix things...but may I ask you.... did you 
email the vendor first?  At least try to contact them?

In full disclosure, I know him and I've never ever seen him not be 
responsive and jump on a bug report...next time dude.... email is quite 
effective in contacting vendors... especially ones that are responsive, 
if a spam filter swallowed it up ... that's something that we're all 
having to unfortunately deal with these days... and I'll apologize if 
you did try to contact him.  But as I said, historically speaking he's 
always been very responsive.  (as someone said to me the spammers are 
hiring better coders these days...)

Joxean Koret wrote:

WFTPD Pro Server 3.23 Buffer Overflow
-------------------------------------

A buffer overflow was found in the APPE command when
passing (as first) a long string
with slashes and/or backslashes. The exploit is
clearly exploitable as overwritting EIP
is quite easy but I'm too lazy...

Attached goes an (unfinished) POC.

Disclaimer
----------

The information in this advisory and any of its
demonstrations is provided "as is" without any
warranty of any kind.

I am not liable for any direct or indirect damages
caused as a result of using the information or
demonstrations provided in any part of this advisory.
---------------------------------------------------------------------------

Contact
-------
Joxean Koret at <<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es


              
______________________________________________ 
LLama Gratis a cualquier PC del Mundo. 
Llamadas a fijos y móviles desde 1 céntimo por minuto. 
http://es.voice.yahoo.com


-- 
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down...
http://blogs.technet.com/sbs

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

WFTPD Pro Server 3.23 Buffer Overflow Joxean Koret (Nov 07)
- <Possible follow-ups>
- WFTPD Pro Server 3.23 Buffer Overflow Joxean Koret (Nov 07)
  - Re: WFTPD Pro Server 3.23 Buffer Overflow Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Nov 07)