Bugtraq: Problems with various windows FTP servers

From: SnakeByte / Eric Sesterhenn <snakebyte_at_gmx.de>
Date: Mon, 27 May 2002 20:39:29 +0200

Hi,

I am just writing a small set of Perl scripts, to test server
implementations of different protocols against common problems ( i.e. buffer
overflow and format strings.. ). The first script is against FTP servers, and
just stupidly sends stuff to a server, verifies if the server crashes and if
it does, it reports the problem [ www.kryptocrew.de/snakebyte/bed.html ].

Everything has been tested with Win95, I still wait for my new cpu, so I can
install a fine sourcemage gnu/linux on my desktop pc too :), so some problems
might not be caused by the server itself but by the OS.

The 4 problems are all not very serious ( maybe the directory traversal is ? )
but I don't think that these FTPs are widely used. Most of the vendors were
informed yesterday. If these bugs are already known I am sorry for this mail.
The FTPs are the ones I found about a week ago at download.com, so maybe
newer versions exist.

 greetings Eric

ps:
greetings to Duke"plzgreetme"CS
and J for providing beer and playing skat :)

FtpXQ
 MKD AAAAAAAAAAAAA.....AAAA
 ( longer than 254 chars crashes the server)

TransSoft's Broker FTP Server 5.0 Evaluation Version
 CWD ...
 CWD ....
 crashes the server ( sometimes with bsod )

MeteorSoft Meteor FTP 1.2b
 MKD AAAAAAAAAAAAA...AAAA
 STOR AAAAAAAAAAAA...AAAA
 crashes the server

Texas Imperial Software WFTPD
 CWD ...
 CWD ....
 directory traversal possible

--
 www.kryptocrew.de/snakebyte/  -- just my stuff
Received on May 27 2002
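
An added example, not part of the original post and not code from any of the servers it names: a C check that a server could apply to the argument of CWD, MKD or STOR before any path handling, covering the two failure modes reported above (over-long arguments, and path components made only of dots). `FTP_ARG_MAX`, `check_ftp_path_arg` and the verdict names are hypothetical, and refusing every multi-dot component outright is a policy assumed for this example, not a fix taken from any vendor.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical limit for this example: keep it below every fixed-size
 * buffer the server later copies the argument into. */
#define FTP_ARG_MAX 200

enum arg_verdict { ARG_OK, ARG_EMPTY, ARG_TOO_LONG, ARG_CTRL_CHAR, ARG_DOT_COMPONENT };

/* True if the n-byte component at s is two or more dots and nothing else
 * ("..", "...", "...."). A single "." is left alone. */
static int dots_only(const char *s, size_t n)
{
    size_t i;
    if (n < 2) return 0;
    for (i = 0; i < n; i++)
        if (s[i] != '.') return 0;
    return 1;
}

/* Validate the argument of CWD/MKD/STOR before it reaches any path code. */
enum arg_verdict check_ftp_path_arg(const char *arg)
{
    size_t len, i, start = 0;
    if (arg == NULL || arg[0] == '\0') return ARG_EMPTY;
    /* Bounded scan: stop as soon as the limit is exceeded. */
    for (len = 0; arg[len] != '\0'; len++)
        if (len >= FTP_ARG_MAX) return ARG_TOO_LONG;
    for (i = 0; i <= len; i++) {
        unsigned char c = (unsigned char)arg[i];
        if (i < len && (c < 0x20 || c == 0x7f)) return ARG_CTRL_CHAR;
        if (i == len || c == '/' || c == '\\') { /* both separators: Windows hosts */
            if (dots_only(arg + start, i - start)) return ARG_DOT_COMPONENT;
            start = i + 1;
        }
    }
    return ARG_OK;
}

int main(void)
{
    /* Constructed sample arguments, not captured traffic. */
    const char *samples[] = { "pub/incoming", "...", "....", "docs\\..\\..", "." };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s -> %d\n", samples[i], (int)check_ftp_path_arg(samples[i]));
    return 0;
}
```

A server that must honour `..` for normal navigation would instead resolve the path and confirm the result still lies under the FTP root; the length and control-character checks apply either way.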