Vulnerability Development mailing list archives

Re: compress(vul) + ftpd(?)

From: H D Moore <hdm () digitaloffense net>
Date: Thu, 7 Mar 2002 09:57:02 -0600

On Thursday 07 March 2002 09:30 am, HypH wrote:

On Thu  7. March 2002 15:18, H D Moore wrote:

YES.  wu-ftpd will call compress with the file name as an argument if you
request the file name ending in .Z. You have to be able to write out a
file name containing the shell code to exploit the bug.


The problem is that the file have to be 1100 chars long , with the
shellcode within. But wu-ftpd doesn`t allow/handle so long filenames.


Hmm.. What about splitting the shellcode into different directories and the 
requesting the full path to the file (directories and all) ending in .Z?

Current thread:

compress(vul) + ftpd(?) HypH (Mar 05)
- Re: compress(vul) + ftpd(?) H D Moore (Mar 07)
- Message not available
  - Re: compress(vul) + ftpd(?) HypH (Mar 07)
    - Re: compress(vul) + ftpd(?) H D Moore (Mar 07)
    - Re: compress(vul) + ftpd(?) HypH (Mar 09)
    - Re: compress(vul) + ftpd(?) KF (Mar 09)
    - Re: compress(vul) + ftpd(?) HypH (Mar 09)
    - Re: compress(vul) + ftpd(?) Pavel Kankovsky (Mar 09)
    - Re: compress(vul) + ftpd(?) H D Moore (Mar 10)
    - Re: compress(vul) + ftpd(?) Pavel Kankovsky (Mar 11)
    - Re: compress(vul) + ftpd(?) H D Moore (Mar 12)
    - Re: compress(vul) + ftpd(?) Gushterul (Mar 12)
    - Re: compress(vul) + ftpd(?) HypH (Mar 11)
    - Re: compress(vul) + ftpd(?) Mats Linander (Mar 11)