Vulnerability Development mailing list archives

ftp.exe buffer overflow ?

From: cyber_hunter <cyber_hunter () LINUXBR COM BR>
Date: Sat, 10 Feb 2001 23:44:59 -0800

While I was reading something about wu-ftp I found an interesting buffer
overflow on ftp.exe ,
first logon on any ftp server ( any ), then :

quote site exec %s%s%s%s%s%s

( this will work even if server doesn't support site exec )

and :  "ftp caused an invalid page fault in module MSVCRT.DLL ..."

I don't know if an exploit can be made , and if this would be used for
something.
ps: I have not tried with any ftp client .

Current thread:

/usr/bin/ddate buffer overflow SosPiro (Feb 10)
- Re: /usr/bin/ddate buffer overflow Blue Boar (Feb 10)
  - Re: /usr/bin/ddate buffer overflow enthh () FLASH NET (Feb 10)
    - ftp.exe buffer overflow ? cyber_hunter (Feb 10)
    - Re: ftp.exe buffer overflow ? Riley Hassell (Feb 10)
    - Re: ftp.exe buffer overflow ? Mike Duncan (Feb 11)
    - Re: ftp.exe buffer overflow ? Egemen Tas (Feb 11)
    - Re: ftp.exe buffer overflow ? Perry Harrington (Feb 11)
    - Re: ftp.exe buffer overflow ? Michal Zalewski (Feb 11)
    - Re: ftp.exe buffer overflow ? Riley Hassell (Feb 15)
    - Re: ftp.exe buffer overflow ? Michal Zalewski (Feb 15)
    - Re: ftp.exe buffer overflow ? Benjamin Branch (Feb 15)
    - Re: ftp.exe buffer overflow ? Bob Monkier (Feb 15)
    - Re: ftp.exe buffer overflow ? Ryan Permeh (Feb 16)

(Thread continues...)