Vulnerability Development mailing list archives
Re: twlc advisory: possible overflow in ms ftp client
From: supergate () twlc net
Date: Thu, 1 Nov 2001 20:29:47 +0100
Summary Possible buffer overflow in windows ftp client...Ok, and what do you gain by this? Also see previous threads (yes they are a while ago) "ftp.exe buffer overflow" and "FTP.exe risk:low" about some other bugs in the ftp client (format string bugs).
look at the conclusion of the advisory: Conclusion So is prolly possible execute code in the system, and for sure crash the client (will ever be useful:P?) <- should i make it bold? i wrote the advisory because its a spreaded program not because it was dangerous:)
Anyway, if you like client side bugs you could better search for something like server sending "evilstuff" to client which causes (for example) an
overflow.
In that case you could write a remote exploit... _that_ would be a
security bug ill make some test and send some string from the SERVER to the client to see if i can crash it up -if i got the time- cya supergate.
Current thread:
- twlc advisory: possible overflow in ms ftp client supergate (Nov 01)
- Re: twlc advisory: possible overflow in ms ftp client Syzop (Nov 01)
- Re: twlc advisory: possible overflow in ms ftp client supergate (Nov 01)
- <Possible follow-ups>
- Re: twlc advisory: possible overflow in ms ftp client supergate (Nov 01)
- (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client) foob (Nov 02)
- Re: (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client) supergate (Nov 02)
- Re: (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client) Lincoln Yeoh (Nov 03)
- Re: (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client) Robert Freeman (Nov 04)
- Shutting down windows NT remotely (without winnt toolkit)? Lincoln Yeoh (Nov 04)
- Re: Shutting down windows NT remotely (without winnt toolkit)? Robert Freeman (Nov 05)
- Re: Shutting down windows NT remotely (without winnt toolkit)? Lincoln Yeoh (Nov 08)
- Re: Shutting down windows NT remotely (without winnt toolkit)? Robert Freeman (Nov 08)
- Re: Shutting down windows NT remotely (without winnt toolkit)? Marshal (Nov 09)
- (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client) foob (Nov 02)
- Re: twlc advisory: possible overflow in ms ftp client Syzop (Nov 01)