Vulnerability Development mailing list archives

Re: proftpd format bug


From: Jose Nazario <jose () biocserver BIOC cwru edu>
Date: Sun, 9 Dec 2001 18:50:36 -0500 (EST)

On Sun, 4 Dec 2005, Fuska wrote:

  Sorry if this has been already reported.

ftp> quote site %p
500 'SITE 0X8055F1E' not understood.
ftp> quote site %s
421 Service not available, remote server has closed connection

to differentiate between a client and a server bug, please use a client
like netcat or telnet:

$ nc server 21
220 server.site.edu NcFTPd Server (free educational license)
ready.
user anonymous
331 Guest login ok, send your complete e-mail address as password.
pass jose@
230-You are user #1 of 50 simultaneous users allowed.
230 Logged in anonymously.

cwd %n
550 No such directory.


hope this helps. this is a common issue with ftp string format attacks,
people finding client bugs and thinking they're server bugs. please do
this test to find out which it is.

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)
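
The test described in the message above, as an added example that is not part of the original post: a loopback listener records the exact bytes a client puts on the control connection, so an expanded format specifier can be attributed to the client before the server is suspected. The function names and the raw-socket sender (standing in for nc) are assumptions of this example.

```python
import socket
import threading

def capture_command(listener, captured):
    """Accept one control connection and record the first command line verbatim."""
    conn, _ = listener.accept()
    with conn:
        conn.sendall(b"220 loopback capture ready.\r\n")
        data = b""
        while not data.endswith(b"\n"):
            chunk = conn.recv(1024)
            if not chunk:
                break
            data += chunk
        captured.append(data)
        # Fixed reply text only: received bytes are never used as a format string.
        conn.sendall(b"500 command not understood.\r\n")

def expanded_by_client(typed, on_wire):
    """True if the bytes that reached the wire differ from what the user typed."""
    return on_wire.rstrip(b"\r\n") != typed.encode("ascii")

def loopback_check(typed):
    """Send `typed` over a raw socket (hypothetical stand-in for nc).

    Returns (bytes seen by the listener, expanded_by_client verdict).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # ephemeral port, loopback only
    listener.listen(1)
    captured = []
    worker = threading.Thread(target=capture_command, args=(listener, captured))
    worker.start()
    with socket.create_connection(listener.getsockname()) as client:
        client.recv(1024)  # banner
        client.sendall(typed.encode("ascii") + b"\r\n")
        client.recv(1024)  # reply
    worker.join()
    listener.close()
    return captured[0], expanded_by_client(typed, captured[0])

if __name__ == "__main__":
    wire, verdict = loopback_check("SITE %p")
    print("on the wire:", wire, "| expanded by client:", verdict)
    # Constructed capture: what a client that expanded %p itself would have sent.
    print(expanded_by_client("SITE %p", b"SITE 0x8055f1e\r\n"))
```

Running `capture_command` on a fixed loopback port and connecting the suspect ftp client to it shows what that client actually sent for the same typed input.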

