mailing list archives
Re: war-ftpd 1.6x DoS
From: jgaa () JGAA COM (Jarle Aase)
Date: Thu, 3 Feb 2000 08:41:34 +0100
I can confirm that version 1.6* have a problem, as described in the initial report.
Until now, the command parser in War FTP Daemon 1.6* has allowed commands up to 8 KB in size. To prevent this, and
other buffer-overflow problems, this size is decreased to (MAX_PATH + 8), and an additional check is added that
prevents any command argument to exceed MAX_PATH in length.
A new version, 1.67-4 has been released with this modification. See http://war.jgaa.com/alert/ for download details.
From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of
Sent: Tuesday, February 01, 2000 8:59 AM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: war-ftpd 1.6x DoS
"war-ftpd" is very popular ftp server for Windows95/98/NT.
I found DoS problem to "war-ftpd 1.6x" recently.
It seems to occur because the bound check of the command of MKD/CWD
that uses it is imperfect when this problem controls the directory.
However, could not hijack the control of EIP so as long as I test.
It is because not able to overwrite the RET address,
because it seems to be checking buffer total capacity properly
in 1.66x4 and later.
The boundary of Access Violation breaks out among 8182 bytes
from 533 bytes neighborhood although it differs by the thread
that receives attack.
The version that is confirming this vulnerable point is as follows.
The version that this vulnerable point was not found is as follows.