Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: war-ftpd 1.6x DoS
From: jgaa () JGAA COM (Jarle Aase)
Date: Thu, 3 Feb 2000 08:41:34 +0100


I can confirm that version 1.6* have a problem, as described in the initial report.

Until now, the command parser in War FTP Daemon 1.6* has allowed commands up to 8 KB in size. To prevent this, and 
other buffer-overflow problems, this size is decreased to (MAX_PATH + 8), and an additional check is added that 
prevents any command argument to exceed MAX_PATH in length. 

A new version, 1.67-4 has been released with this modification. See http://war.jgaa.com/alert/ for download details.

Jarle Aase

-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of
Toshimi Makino
Sent: Tuesday, February 01, 2000 8:59 AM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: war-ftpd 1.6x DoS


Hello,


"war-ftpd" is very popular ftp server for Windows95/98/NT.
I found DoS problem to "war-ftpd 1.6x" recently.


Outline:
  It seems to occur because the bound check of the command of MKD/CWD
  that uses it is imperfect when this problem controls the directory.

  However, could not hijack the control of EIP so as long as I test.
  It is because not able to overwrite the RET address,
  because it seems to be checking buffer total capacity properly
  in 1.66x4 and later.

  The boundary of Access Violation breaks out among 8182 bytes
  from 533 bytes neighborhood although it differs by the thread
  that receives attack.


The version that is confirming this vulnerable point is as follows.
  1.66x4s, 1.67-3


The version that this vulnerable point was not found is as follows.
  1.71-0
[...]


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault