Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: def-2001-31
From: johncybpk () gmx net
Date: Tue, 6 Nov 2001 11:07:46 +0100 (MET)

hi,

in addition to defcoms posting about the buffer overflow in WS_FTP 2.03,
i can confirm this for the WS_FTP 1.05 Version ( maybe minor version too...
)

IPSWITCH releases always patches for both Versions 1.x und 2.x, coz it seems
the
versions are maintained separately.

As IPSWITCH hasn't released a fix for the 1.05 Version yet, i thought it
should be mentioned here.

I had to enter 463 bytes after the STAT command, to stop the service
running.

Because the overflow is dependant on the size of the name of the server this
will differ
on other systems. A good playground to test the bo is between 460 and 500
bytes.

with some handy work, i got the defcom exploitcode running, but luckily not
so easy that
every script kid can exploit it remotely.

cheers

johnny

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net


  By Date           By Thread  

Current thread:
  • def-2001-31 andreas junestam (Nov 05)
    • <Possible follow-ups>
    • Re: def-2001-31 johncybpk (Nov 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault