mailing list archives
From: johncybpk () gmx net
Date: Tue, 6 Nov 2001 11:07:46 +0100 (MET)
in addition to defcoms posting about the buffer overflow in WS_FTP 2.03,
i can confirm this for the WS_FTP 1.05 Version ( maybe minor version too...
IPSWITCH releases always patches for both Versions 1.x und 2.x, coz it seems
versions are maintained separately.
As IPSWITCH hasn't released a fix for the 1.05 Version yet, i thought it
should be mentioned here.
I had to enter 463 bytes after the STAT command, to stop the service
Because the overflow is dependant on the size of the name of the server this
on other systems. A good playground to test the bo is between 460 and 500
with some handy work, i got the defcom exploitcode running, but luckily not
so easy that
every script kid can exploit it remotely.
GMX - Die Kommunikationsplattform im Internet.
- def-2001-31 andreas junestam (Nov 05)
- <Possible follow-ups>
- Re: def-2001-31 johncybpk (Nov 09)