Vulnerability Development mailing list archives
Re: twlc advisory: possible overflow in ms ftp client
From: Syzop <syz () dds nl>
Date: Thu, 01 Nov 2001 20:09:14 +0100
supergate () twlc net wrote: [snip stuff]
> Summary: Possible buffer overflow in windows ftp client...
Ok, and what do you gain by this? Also see previous threads (yes they are a while ago) "ftp.exe buffer overflow" and "FTP.exe risk:low" about some other bugs in the ftp client (format string bugs).
> That's it... if we will find the time we will prolly work on it.
> Conclusion: So it is prolly possible to execute code in the system, and for sure crash the client (will ever be useful :P?)
Looks like it's exploitable yes (EIP=0x61616161 with lots of 'aaaaa')... but why would you try to exploit if you don't gain anything by this (ok except for learning how to write exploits)...

1. ftp.exe runs with normal user privileges (local exploit gains nothing), if it would run with higher privileges you have a problem anyway.
2. it's not remotely exploitable (I've never heard of a browser launching ftp.exe and sending the commands), and I assume "let the victim type the exploit code in ftp.exe" isn't a remote exploit :P

Anyway, if you like client side bugs you could better search for something like server sending "evilstuff" to client which causes (for example) an overflow. In that case you could write a remote exploit... _that_ would be a security bug.

Cya,
Syzop.