Vulnerability Development mailing list archives
Re: ftp.exe buffer overflow ?
From: Mike Duncan <duncan () RANDOMTASK NET>
Date: Sun, 11 Feb 2001 13:18:27 -0500
I tried this on...

* Win98 (4.10.1998): Invalid page fault (as described).
* RedHat 7.0 NcFTP 3.0.1/448 (Library version: LibNcFTP 3.0.1): Segmentation fault.
* RedHat 7.0 FTP (Linux NetKit (0.17-pre-20000412August 15, 1999)): "501 Cannot EXEC command line (error=2)." Appeared to be fixed?

I know this is an old bug, but I wanted to show it still exists in some but not all apps.

On Sat, 10 Feb 2001, Riley Hassell wrote:
That problem was discussed a while ago with the unix/linux ftp clients. It's very interesting that Microsoft's ftp client has a similar problem. ;) Possibly a format bug.

--After reviewing it it looks like there is also a standard overflow. 'quote site exec <Ax1000>' overwrote the EIP =)

----- Original Message -----
From: "cyber_hunter" <cyber_hunter () LINUXBR COM BR>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Saturday, February 10, 2001 11:44 PM
Subject: ftp.exe buffer overflow ?

While I was reading something about wu-ftp I found an interesting buffer overflow on ftp.exe, first logon on any ftp server (any), then:

quote site exec %s%s%s%s%s%s

(this will work even if server doesn't support site exec) and:

"ftp caused an invalid page fault in module MSVCRT.DLL ..."

I don't know if an exploit can be made, and if this would be used for something.

ps: I have not tried with any ftp client.
--
------------------------------------------
Mike Duncan
security () randomtask net
http://www.randomtask.net

FLOD: The World's Perfect Cube Of Fat
Also comes in glow-in-the-dark models.
** Don't accept any imitations. **
------------------------------------------