Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Format String Vulnerability in Crob Ftp Server
From: Luca Ercoli <luca.ercoli () inwind it>
Date: 2 Jun 2003 16:55:10 -0000


Package:        Crob Ftp Server
Auth:           Crob Software Studio (www.crob.net/studio/ftpserver/)
Version:        2.50.4 Build 228
Vulnerability:  Format String
Risk:           High


Vulnerability
Description:

A format string flaw in the authentication process allows remote attackers 
without valid user/pass to execute arbitrary code.


C:\>telnet 192.168.0.1 21

220- Crob FTP Server V2.50.4
220  Welcome to Crob FTP Server

user %x%x%x

331 Password required for 0d1250b70







Luca Ercoli luca.ercoli[at]inwind.it

  By Date           By Thread  

Current thread:
  • Format String Vulnerability in Crob Ftp Server Luca Ercoli (Jun 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]