Vulnerability Development mailing list archives
Re: FTP.exe risk:low
From: "Chris ." <jslat () hotmail com>
Date: Mon, 21 May 2001 17:53:17 -0000
There are a lot of unchecked buffers in FTP.exe (client) try: C:\>ftp ftp> put AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
[....]
This is not an important security problem but it makes you think about microsoft developers... Eliel C. Sardañons
I tried this, win2k 5.00.2195 / IIS 5.0 FTPd and got the same results C:\>ftp localhost Connected to localhost. 220 Microsoft FTP Service (Version 5.0). User (localhost:(none)): test1 331 Password required for test1. Password: 230 User test1 logged in. ftp> put AAAAAAAAAAAAA [.....] AAAAAAAAAAA<CR> C:\> Event Logs show the followingApplication popup: ftp.exe - Application Error : The instruction at "0x77f8c493" referenced memory at "0x41414145". The memory could not be "read".
_________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com
Current thread:
- FTP.exe risk:low Sardañons , Eliel (May 21)
- Re: FTP.exe risk:low Kevin J. Menard, Jr. (May 21)
- Re: FTP.exe risk:low Enrique A. Sanchez Montellano (May 21)
- Re: FTP.exe risk:low Matteo S. (May 21)
- <Possible follow-ups>
- RE: FTP.exe risk:low Sardañons , Eliel (May 21)
- Re[2]: FTP.exe risk:low Kevin J. Menard, Jr. (May 21)
- Re: FTP.exe risk:low Chris . (May 21)