Vulnerability Development mailing list archives

Re: twlc advisory: possible overflow in ms ftp client


From: Syzop <syz () dds nl>
Date: Thu, 01 Nov 2001 20:09:14 +0100

supergate () twlc net wrote:
[snip stuff]

> Summary
> Possible buffer overflow in windows ftp client...

Ok, and what do you gain by this?
Also see previous threads (yes they are a while ago)
"ftp.exe buffer overflow" and "FTP.exe risk:low" about
some other bugs in the ftp client (format string bugs).

> That's it... if we will find the time we will prolly work on it.

> Conclusion
> So it is prolly possible to execute code in the system, and for sure crash the
> client (will ever be useful:P?)

Looks like it's exploitable yes (EIP=0x61616161 with lots of 'aaaaa')...
but why would you try to exploit if you don't gain anything by this
(ok except for learning how to write exploits)...
1. ftp.exe runs with normal user privileges (local exploit gains nothing),
    if it would run with higher privileges you have a problem anyway.
2. it's not remotely exploitable (I've never heard of a browser launching
    ftp.exe and sending the commands), and I assume "let the victim type
    the exploit code in ftp.exe" isn't a remote exploit :P

Anyway, if you like client side bugs you could better search for something
like a server sending "evilstuff" to the client which causes (for example) an overflow.
In that case you could write a remote exploit... _that_ would be a security bug.
Cya,

    Syzop.


