Vulnerability Development mailing list archives

Re: ftp.exe buffer overflow ?

From: Riley Hassell <riley () EEYE COM>
Date: Sat, 10 Feb 2001 23:04:36 -0800

That problem was discussed a while ago with the unix/linux ftp clients. It's
very
interesting that Microsoft's ftp client has a similiar problem. ;)

Possibly a format bug.

--After reviewing it it looks like there is also a standard overflow.
'quote site exec <Ax1000>' overwrote the EIP =)

----- Original Message -----
From: "cyber_hunter" <cyber_hunter () LINUXBR COM BR>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Saturday, February 10, 2001 11:44 PM
Subject: ftp.exe buffer overflow ?

While I was reading something about wu-ftp I found an interesting buffer
overflow on ftp.exe ,
first logon on any ftp server ( any ), then :

quote site exec %s%s%s%s%s%s

( this will work even if server doesn't support site exec )

and :  "ftp caused an invalid page fault in module MSVCRT.DLL ..."

I don't know if an exploit can be made , and if this would be used for
something.
ps: I have not tried with any ftp client .

Current thread:

/usr/bin/ddate buffer overflow SosPiro (Feb 10)
- Re: /usr/bin/ddate buffer overflow Blue Boar (Feb 10)
  - Re: /usr/bin/ddate buffer overflow enthh () FLASH NET (Feb 10)
    - ftp.exe buffer overflow ? cyber_hunter (Feb 10)
    - Re: ftp.exe buffer overflow ? Riley Hassell (Feb 10)
    - Re: ftp.exe buffer overflow ? Mike Duncan (Feb 11)
    - Re: ftp.exe buffer overflow ? Egemen Tas (Feb 11)
    - Re: ftp.exe buffer overflow ? Perry Harrington (Feb 11)
    - Re: ftp.exe buffer overflow ? Michal Zalewski (Feb 11)
    - Re: ftp.exe buffer overflow ? Riley Hassell (Feb 15)
    - Re: ftp.exe buffer overflow ? Michal Zalewski (Feb 15)
    - Re: ftp.exe buffer overflow ? Benjamin Branch (Feb 15)
    - Re: ftp.exe buffer overflow ? Bob Monkier (Feb 15)
    - Re: ftp.exe buffer overflow ? Ryan Permeh (Feb 16)
    - Internet explorer bug or Micromedia Flash bug ? cyber_hunter (Feb 19)

(Thread continues...)