Vulnerability Development mailing list archives

Re: ftp.exe buffer overflow ?


From: Michal Zalewski <lcamtuf () BOS BINDVIEW COM>
Date: Sun, 11 Feb 2001 20:45:51 -0500

On Mon, 12 Feb 2001, Egemen Tas wrote:

> This bug is different from the ones you mentioned..
> This is the bug in MS FTP Client's QUOTE command.

MS FTP client is surprisingly similar to BSDish ftp client, containing -
for example - some similar strings in its binary. It's been discussed on
numerous forums a long time ago (google.com, search for: "Regents of the
University of California" ftp microsoft client). Thus, I bet this is the
same as the bug in BSDish ftp client (format bug in quote command), and is
caused by very similar code.

> In my opinion this may be overflowable (because the error occurs in the
> Stack Segment! (I may be wrong))

No, never. I mean this is exploitable, but it is not an overflow and has
nothing to do with stack segment.

> but does not pose great security risk. Because ftp.exe runs with the
> credentials of currently logged on user.

Right =)

--
_______________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] | [security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=--=> Did you know that clones never use mirrors? <=--=
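
Added example, not part of the original message and not taken from either client's source: a minimal C sketch of the bug class named above (user input used as the format string of a varargs command helper), next to the corrected call. The names send_command, quote_unsafe, quote_safe and wire are hypothetical, and the input line is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an FTP client's varargs "send command" helper.
 * It formats into a bounded buffer, so no overflow is possible here, and
 * keeps the result instead of writing it to a control connection. */
static char wire[256];

static int send_command(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(wire, sizeof wire, fmt, ap);
    va_end(ap);
    return n; /* length that would have been written, as vsnprintf reports */
}

/* Flawed pattern: the user's line becomes the format string itself. */
static const char *quote_unsafe(const char *user_line)
{
    send_command(user_line);
    return wire;
}

/* Corrected pattern: constant format, the user's line is only data. */
static const char *quote_safe(const char *user_line)
{
    send_command("%s", user_line);
    return wire;
}

int main(void)
{
    /* Constructed input. "%%" is a directive that consumes no arguments,
     * so the flawed path stays well-defined while still showing that the
     * input is interpreted rather than copied. */
    const char *line = "SITE 100%% done";
    printf("unsafe: %s\n", quote_unsafe(line));
    printf("safe:   %s\n", quote_safe(line));
    return 0;
}
```

The output buffer is bounded in both paths, which is the distinction drawn in the reply: the defect is that input is parsed as directives, independent of any buffer length.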

