Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability
From: "KJK::Hyperion" <hackbunny () s0ftpj org>
Date: Thu, 29 Nov 2007 13:28:25 +0100

Tonnerre Lombard ha scritto:
Isn't the FTP client compiled with stack overflow protection?
If so, how is that supposed to help?
By terminating the program before the payload is executed
May I suggest that this protection is not perfect? I was hoping that
people on this mailing list consider this to be an established fact.

You can suggest it. However, ftp.exe is also linked with the secure
exception handlers option. How do you divert execution when ftp.exe is
running on a platform with encrypted global pointers? ftp.exe is no
Internet Explorer, either, you cannot arbitrarily load third party DLLs
in it. Why, it doesn't even link shell32.dll or ole32.dll. And I remind
you these are buffer overflows in a text field of an user interface

Rajesh and others like him have been peddling this "vulnerability" for
months if not years. Some security "professionals" should stop fooling
themselves and have the basic honesty to admit their behavior is rather
more fitting of a small-time loan shark or mafia picciotto, if not the
honesty to submit straight away to the vendor what is clearly just a bug
with no strategical security implications

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]