Home page logo

bugtraq logo Bugtraq mailing list archives

Meteor FTP Server v1.5 Buffer Overflow
From: Auston J <Anix44 () gmail com>
Date: 23 May 2005 16:14:37 -0000

The overflow is triggered once a series of commands have been issued with specific criteria. In theory, using the USER 
command followed by a large amount of data will result in memory corruption as we have seen previously. However, if the 
PASS and PORT command are also issued with the right arguments, the memory corruption may be re-aligned to create a 
buffer overflow.

Psuedo Exploitation...

USER (A x 80) (Following 4 Bytes = New Return Point)
PASS 0wn3r
PORT 127,0,0,1,18,12 (Must be same as connecting IP)

At this point the server hangs. If the connection were manually disconnected, or left to time out on it's own (5 
minutes by default), the violation will be thrown.

  By Date           By Thread  

Current thread:
  • Meteor FTP Server v1.5 Buffer Overflow Auston J (May 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]