Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Ftp client , Format strings and SEGFAULTS]

From: Michal Zalewski <lcamtuf () coredump cx>
Date: Wed, 5 Dec 2001 14:29:57 -0500 (EST)
On Wed, 5 Dec 2001, KF wrote:


Theoretically a server could construct a malicious response to a site
quote command and maybe take control of the client...


So far, we've seen fault conditions while parsing user-provided input
(commands). I didn't audit Linux ftp client, but I've performed several
tests some time ago, and I recall it seems to handle server responses
well. I didn't look too carefully, so it might be possible somewhere
(handling more advanced commands like 'mget', perhaps?), but it looks good
with simple activity...

-- 
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
          http://lcamtuf.coredump.cx/photo/
Previous By Date Next
Previous By Thread Next

Current thread: