Bugtraq: Re: WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability

From: alun () TEXIS COM (Alun Jones)
Date: Tue, 2 Nov 1999 20:39:10 -0000


In response to Luck Martins' report of a buffer overflow in 
WFTPD 2.40 and 2.34, we can confirm that this error does 
exist.  Our initial tests suggest that it is more of 
a 'denial-of-service' nature, rather than an exploit 
allowing an attacker to load their own code into memory - 
the access that generates the fault is overwriting a single 
null byte into heap space, rather than stack space.

We've been working on this problem over the weekend, 
coinciding as it has with our intent to release a new 
version, 2.41, early this week.  We are completing 
regression testing and beta testing and will be releasing 
the new version later today.

Alun Jones
President, Texas Imperial Software.

By Date By Thread

Current thread:

Re: WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability Alun Jones (Nov 02)
- Re: WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability iarce (Nov 04)
- Re: WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability Alberto Soliño (Nov 04)
- Palm Hotsync vulnerable to DoS attack Aviram Jenik (Nov 04)
- RealNetworks RealServer G2 buffer overflow - WORKAROUND (fwd) ah1 () SECURITYFOCUS COM (Nov 04)
- Microsoft Security Bulletin (MS99-047) Aleph One (Nov 04)