Vulnerability Development mailing list archives

Re: FTP.exe risk:low

From: "Chris ." <jslat () hotmail com>
Date: Mon, 21 May 2001 17:53:17 -0000

There are a lot of unchecked buffers in FTP.exe (client) try:

C:\>ftp
ftp> put
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

[....]


This is not an important security problem but it makes you think about
microsoft developers...



Eliel C. Sardañons



I tried this, win2k 5.00.2195 / IIS 5.0 FTPd and got the same results

C:\>ftp localhost
Connected to localhost.
220 Microsoft FTP Service (Version 5.0).
User (localhost:(none)): test1
331 Password required for test1.
Password:
230 User test1 logged in.
ftp> put AAAAAAAAAAAAA

[.....]

AAAAAAAAAAA<CR>

C:\>

Event Logs show the following

Application popup: ftp.exe - Application Error : The instruction at"0x77f8c493" referenced memory at "0x41414145". The memory could not be"read".





_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com

Current thread:

FTP.exe risk:low Sardañons , Eliel (May 21)
- Re: FTP.exe risk:low Kevin J. Menard, Jr. (May 21)
- Re: FTP.exe risk:low Enrique A. Sanchez Montellano (May 21)
- Re: FTP.exe risk:low Matteo S. (May 21)
- <Possible follow-ups>
- RE: FTP.exe risk:low Sardañons , Eliel (May 21)
  - Re[2]: FTP.exe risk:low Kevin J. Menard, Jr. (May 21)
- Re: FTP.exe risk:low Chris . (May 21)