Vulnerability Development mailing list archives
smallftpd's version 1.0.2 Directory Transversal Vulnerability
From: "aT4r InsaN3" <at4r () hotmail com>
Date: Wed, 30 Apr 2003 12:05:27 +0200
Smallftpd is a simple and small FTP server for Windows. A vulnerability exists in smallftpd v 1.02 (http://smallftpd.free.fr/) that allows unauthorized users to browse the root directories and skip the access list.

CWD \..\..
250 CWD command successful.

Also, smallftpd v0.99, available to download at http://smallftpd.free.fr too, has multiple vulnerabilities.

Denial of service: just type "%s %s" as login and the FTP server will crash.

Buffer overflows when a command has length >280 chars. Example: cd AAAAAAAAAA...

These bugs seem to be patched in the latest version.

at4r [at] 3wdesign.es
Security 2003
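Added example, not part of the original post and not smallftpd's code: one way a server can resolve a CWD argument so that `\..\..` cannot leave the user's FTP root, with the argument length bounded before any copy. The names `resolve_cwd` and `VPATH_MAX` and the 256-byte limit are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

#define VPATH_MAX 256   /* assumed per-path limit for this sketch */

/* Resolve a client CWD argument against the session's current virtual
 * directory ('/' is the user's FTP root). Returns 0 and fills out, or -1
 * to refuse the command (the server would then reply 550). */
int resolve_cwd(const char *cur, const char *arg, char *out, size_t outsz)
{
    char work[2 * VPATH_MAX + 2];
    size_t len = 0;                       /* length of the path built in out */
    if (outsz < 2 || strlen(cur) >= VPATH_MAX || strlen(arg) >= VPATH_MAX)
        return -1;                        /* bound the input before copying */
    /* A leading '/' or '\' restarts at the virtual root. */
    if (arg[0] == '/' || arg[0] == '\\')
        snprintf(work, sizeof work, "%s", arg);
    else
        snprintf(work, sizeof work, "%s/%s", cur, arg);
    out[0] = '\0';
    /* Split on both separators: Windows accepts '\' as well as '/'. */
    for (char *tok = strtok(work, "/\\"); tok; tok = strtok(NULL, "/\\")) {
        if (strcmp(tok, ".") == 0)
            continue;
        if (strchr(tok, ':'))
            return -1;                    /* drive letter or NTFS stream name */
        if (strcmp(tok, "..") == 0) {
            if (len == 0)
                return -1;                /* would climb above the FTP root */
            while (len > 0 && out[--len] != '/') {}
            out[len] = '\0';              /* drop the last component */
            continue;
        }
        size_t n = strlen(tok);
        if (len + 1 + n >= outsz)
            return -1;                    /* result would not fit in out */
        out[len++] = '/';
        memcpy(out + len, tok, n + 1);
        len += n;
    }
    if (len == 0)
        memcpy(out, "/", 2);              /* empty result means the root */
    return 0;
}

int main(void)
{
    char out[VPATH_MAX];
    /* The request quoted in the post, issued from the root directory. */
    printf("%d\n", resolve_cwd("/", "\\..\\..", out, sizeof out));
    return 0;
}
```

The returned virtual path is what gets appended to the configured root directory and checked against the access list; the raw client string is never used to build a filesystem path.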