mailing list archives
ncftp 2.4.3 bug
From: paul () BOEHM ORG (Paul Boehm)
Date: Sun, 21 Jun 1998 00:52:33 +0200
i think i've found a bug in ncftp 2.4.3 (latest stable release)...
if you connect to a ftp server that responds with something like the
shit below ncftp2.4.3 segfaults. i think this is exploitable,
but had no time/motivation to look further into it.
probably this isn't very dangerous anyway cause
your victim needs to connect willingly, and using ncftp to your server..
that won't happen very often unless
you've been talking with your victim before.
anyway i thought it may be a good idea to post it, so here it is:
# ncftp2.4.3 crash by infected () cia at
# Start this using inetd. (port 21)
echo "331 hi, barbie.. wanna crash with me?"
echo "230 sure ken!"
echo "then hop in"
every reply that looks like this works:
c[putting here some exploit code may work]
PS: i have no clue why this crashes ncftp... i haven't looked through
ncftp's source, but maybe someone else will.
Name: Paul S. Boehm || Freelance Security Consulter.
Email: paul () is destructive org || PGPkey available at:
Url: http://paul.boehm.org/ || http://paul.boehm.org/paul-pgp.asc
There is is no reason for any individual to have a computer in their home.
--Ken Olsen (Digital Corp CEO) 1977.
- ncftp 2.4.3 bug Paul Boehm (Jun 20)