RE: WarFTPd 1.70.b01.04

["Demon Internet" <lists () hackerimmunity demon co uk>]

Jeremy,

Try these - and packetstorm is always worth a try for exploits.

http://packetstorm.decepticons.org/advisories/ussr/diewa170/ 
http://packetstorm.decepticons.org/9903-exploits/warftpd.170b1.passwd.txt
http://packetstorm.decepticons.org/0104-exploits/Hexyn-sa-19.txt
http://packetstorm.decepticons.org/advisories/b0f/warftpd.c (possibly?)
http://packetstorm.decepticons.org/0002-exploits/warftpd-dos.c (possibly?)

Richard

-----Original Message-----
From: Jeremy [mailto:prrthd () myrealbox com]
Sent: 14 December 2001 15:39
To: pen-test () securityfocus com
Subject: WarFTPd 1.70.b01.04


Hello all,
  We have several kiosks in our network that are maintained by a third party vender and which I have no control over. 
In a recent security audit I discovered that these kiosks are running WarFTPd 1.70.b01.04. The vender uses this to 
update the kiosks. I noticed that eeye.com found a BOF in this exact version and I am looking for an exploit to prove 
to management that our vender needs to upgrade the software. Also, are there any other vulnerabilities that I should be 
aware of for this version of WarFTP.

Thanks,
  Jeremy


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/