Vulnerability Development mailing list archives
Re: iis (ftp) 4.0
From: Marc Maiffret <marc () eeye com>
Date: Tue, 1 Aug 2000 08:52:22 +0100
It's a client side bug with 'quote'. The same happens if you 'quote %p' etc... We have played with it a bit and determined it to be client side. If you're looking for holes in IIS or any Windows based software then it is best to write your own test tools. A lot of the time you will see false positives from things like telnet.exe, ftp.exe etc....

Signed,
Marc Maiffret
Chief Hacking Officer
eCompany / eEye
T.949.349.9062
F.949.349.9538
http://eEye.com

| -----Original Message-----
| From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of
| Guilherme Mesquita
| Sent: Sunday, July 30, 2000 1:46 PM
| To: VULN-DEV () SECURITYFOCUS COM
| Subject: iis (ftp) 4.0
|
|
| hey doods take a look at this:
|
| bash-2.03$ ftp xxx.xxx.microsoft.com
| Connected to xxx.xxx.microsoft.com
| 220 mickeysoft Microsoft FTP Service (Version 4.0).
| Name (xxx.xxx.microsoft.com:guy): anonymous
| 331 Anonymous access allowed, send identity (e-mail name) as password.
| Password:
| 230 Anonymous user logged in.
| Remote system type is Windows_NT.
| | ftp> quote cd | %f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f | %f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f | %f%f%f%f%f | %f%f | %f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f | %f%f%f%f%f | %f%f | %f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f | %f%f%f%f%f | %f%f | %f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f | %f%f%f%f%f | %f%f | %f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f | ---> cd | -1.998074nan-1.9859430.0000000.0000000.0000000.0000000.0000000.0000000.0 | 000000.0000000.0000000.0000000.0000000.0000000.0000000.0000000.000 | 0000.00000 | 00.0 | 000000.0000000.0000000.0000000.0000000.0000000.0000000.0000000.000 | 0000.00000 | 00.0 | 000000.0000000.0000000.0000000.0000000.0000000.0000000.0000000.000 | 0000.00000 | 00.0 | 000000.0000000.0000000.0000000.0000000.0000000.0000000.0000000.000 | 0000.00000 | 00.0 | 000000.0000000.0000000.0000000.0000000.0000000.0000000.0000000.000 | 0000.00000 | 07.4 | 42459-1.9925080.00000086816672739201387167646197334643244353738878 | 1070233202 | 8541 | 322470032997080649810600699966006737127247397228742637573540249266 | 3674631417 | 0301 | 796640981108655387787154016958401583367784810035467926763803788334 | 3087572268 | 5103 | 4425372636072254092181766144.000000-1.9864577.330009-1.9867567.442 | 4593026459 | 6817 | 156688177460737829504276698666852065392074697193770247413313626341 | 3465766913 | 1456 | 798305708918593252675105189369237102250881173406194545227609736827 | 7402561850 | 9710 | 455104593995806290180648228932461181941782137807809322530767845501 | 3102407273 | 9522 | 38961588483129344.000000465175286548517542448929182683805232068466 | 3402268111 | 9172 | 234361458742794928218333627954530571039483388205675127966341766873 | 3585513958 | 6589 | 3389880296099612867387038073632042600167414774069191595008196608.0 | 00000-1.98 | 6652 | 7.2852032.1433197.2794500.0000000.0000000.0000000.0000000.0000000. 
| 0000007.28 | 5202 | 2.0011602.0030212.1451420.000000-1.9865840.000000-1.9866943.004586 | 0.0000000. | 0000 | 000.0000000.0000000.0000000.0000000.0000000.000000-1.9866980.00000 | 00.0000007 | .442 | 460-1.9925377.443452-1.9877367.442460-1.992537-1.987736-1.9867567. | 442462-1.9 | 8945 | 80.000000381691985462679806571086643334894129413560060421953696374 | 0360101346 | 2056 | 864539893841124306890605105883641536809075484314260201885963274460 | 7067292251 | 5804 | 335042984791148824632886296576.00000023910764503558327809968585679 | 4904753528 | 3246 | 846405285112445961520801515424496282671839198369722967123399473135 | 6751671202 | 1806 | 599804003469718488379097575110441305367753606873168890538157186092 | 1116618563 | 5988 | 37961378162465810754104398921686249897984.000000969868425604649708 | 3305254555 | 9147 | 982605799629154273605587503128275675417416389957708987963266131532 | 9702437740 | 9072 | 707985125605671621986703871634197157274897836246571863287412515363 | 6183761962 | 9995 | 526919895562998186026713362755030325207280732078080.0000000.000000 | 0.0000000. | 0000 | 000.0000000.0000000.0000000.0000000.0000000.0000000.0000000.000000 | 0.0000000. | 0000 | 000.0000000.0000000.0000000.0000000.0000000.0000000.0000000.000000 | 0.0000000. | 0000 | 000.0000000.0000000.0000000.0000000.0000000.0000000.0000000.000000 | 0.0000000. | 0000 | 000.0000000.0000000.0000000.0000000.0000000.0000000.0000000.000000 | 0.0000000. | 0000 | 000.0000000.0000000.0000000.0000000.0000000.000000-1.987362-1.9873 | 707.285600 | 2.14 | 33197.2809140.0000000.0000000.0000000.0000000.0000000.0000007.2724 | 767.277908 | 7.27 | 87630.0000000.000000-1.9873010.000000-1.9874127.2779090.0000000.00 | 00000.0000 | 000. | 0000000.0000000.0000000.000000-1.987408-1.9874160.0000007.330860-1 | .9874380.0 | 0000 | 00.000000-1.9877100.000000-1.988768-1.987710-1.9874650.000000-1.98 | 76677.2855 | 622. | 1433197.2843637.2855622.1433197.2792860.0000000.0000000.0000000.00 | 00007.2740 | 027. 
| 421 Service not available, remote server has closed connection
| ftp>
|
| I thought it was very weird and also I couldn't state if the ftpd really
| coredump.. but I know it stays at least up because I can reconnect to
| the host. I have a theory that it core-dumps because of the client,
| and not because of the server itself...
|
| If anyone has any info about this... lemme know.
|
| --
| ----
| Guilherme Mesquita
| UIN#5864338
| guy () linuxbr com br
| ----
| Linux is Luke.
| FreeBSD is Yoda.
| ---
|
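
The advice above to write your own test tools, as an added example (not code from this post or from eEye): a raw-socket sender that treats the command and the reply as opaque bytes, run against a constructed loopback stub so the bytes on the wire can be compared with what was typed. The stub server, its replies and all function names are assumptions for illustration.

```python
import socket
import threading

def stub_ftp_server(listener, received):
    """Constructed loopback stand-in for an FTP service: records raw command bytes."""
    conn, _ = listener.accept()
    with conn:
        conn.sendall(b"220 stub FTP service (constructed)\r\n")
        buf = b""
        while not buf.endswith(b"\r\n"):
            chunk = conn.recv(4096)
            if not chunk:
                break
            buf += chunk
        received.append(buf)
        conn.sendall(b"550 no such directory\r\n")

def read_reply(sock):
    """Read one CRLF-terminated reply line as bytes; nothing is interpreted."""
    data = b""
    while not data.endswith(b"\r\n"):
        chunk = sock.recv(4096)
        if not chunk:
            break
        data += chunk
    return data

def send_raw(host, port, command):
    """Send one command verbatim (no format expansion) and return (banner, reply)."""
    with socket.create_connection((host, port), timeout=5) as sock:
        banner = read_reply(sock)
        sock.sendall(command + b"\r\n")
        reply = read_reply(sock)
    return banner, reply

def run_demo():
    """Send a shortened version of the quoted command to the loopback stub."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    received = []
    worker = threading.Thread(target=stub_ftp_server, args=(listener, received))
    worker.start()
    command = b"cd " + b"%f" * 8  # same shape as the quoted input, shortened
    banner, reply = send_raw("127.0.0.1", listener.getsockname()[1], command)
    worker.join()
    listener.close()
    return command, received[0], banner, reply

if __name__ == "__main__":
    print(run_demo())
```

If the server-side bytes match what was sent and the reply is an ordinary status line, any garbage shown by a stock client came from that client's own handling of the input.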
Current thread:
- iis (ftp) 4.0 Guilherme Mesquita (Aug 01)
- Re: iis (ftp) 4.0 Renaud Deraison (Aug 02)
- Re: iis (ftp) 4.0 Marc Maiffret (Aug 02)
- Re: iis (ftp) 4.0 3APA3A (Aug 02)
- Re: iis (ftp) 4.0 Michal Zalewski (Aug 02)
- Re: iis (ftp) 4.0 Juliano Rizzo (Aug 02)