Vulnerability Development mailing list archives
Re: ftp.exe buffer overflow ?
From: Riley Hassell <riley () EEYE COM>
Date: Sat, 10 Feb 2001 23:04:36 -0800
That problem was discussed a while ago with the unix/linux ftp clients. It's very interesting that Microsoft's ftp client has a similiar problem. ;) Possibly a format bug. --After reviewing it it looks like there is also a standard overflow. 'quote site exec <Ax1000>' overwrote the EIP =) ----- Original Message ----- From: "cyber_hunter" <cyber_hunter () LINUXBR COM BR> To: <VULN-DEV () SECURITYFOCUS COM> Sent: Saturday, February 10, 2001 11:44 PM Subject: ftp.exe buffer overflow ?
While I was reading something about wu-ftp I found an interesting buffer overflow on ftp.exe , first logon on any ftp server ( any ), then : quote site exec %s%s%s%s%s%s ( this will work even if server doesn't support site exec ) and : "ftp caused an invalid page fault in module MSVCRT.DLL ..." I don't know if an exploit can be made , and if this would be used for something. ps: I have not tried with any ftp client .
Current thread:
- /usr/bin/ddate buffer overflow SosPiro (Feb 10)
- Re: /usr/bin/ddate buffer overflow Blue Boar (Feb 10)
- Re: /usr/bin/ddate buffer overflow enthh () FLASH NET (Feb 10)
- ftp.exe buffer overflow ? cyber_hunter (Feb 10)
- Re: ftp.exe buffer overflow ? Riley Hassell (Feb 10)
- Re: ftp.exe buffer overflow ? Mike Duncan (Feb 11)
- Re: ftp.exe buffer overflow ? Egemen Tas (Feb 11)
- Re: ftp.exe buffer overflow ? Perry Harrington (Feb 11)
- Re: ftp.exe buffer overflow ? Michal Zalewski (Feb 11)
- Re: ftp.exe buffer overflow ? Riley Hassell (Feb 15)
- Re: ftp.exe buffer overflow ? Michal Zalewski (Feb 15)
- Re: ftp.exe buffer overflow ? Benjamin Branch (Feb 15)
- Re: ftp.exe buffer overflow ? Bob Monkier (Feb 15)
- Re: ftp.exe buffer overflow ? Ryan Permeh (Feb 16)
- Internet explorer bug or Micromedia Flash bug ? cyber_hunter (Feb 19)
- Re: /usr/bin/ddate buffer overflow enthh () FLASH NET (Feb 10)
- Re: /usr/bin/ddate buffer overflow Blue Boar (Feb 10)