mailing list archives
Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability
From: "KJK::Hyperion" <hackbunny () s0ftpj org>
Date: Thu, 29 Nov 2007 13:28:25 +0100
Tonnerre Lombard ha scritto:
Isn't the FTP client compiled with stack overflow protection?
If so, how is that supposed to help?
By terminating the program before the payload is executed
May I suggest that this protection is not perfect? I was hoping that
people on this mailing list consider this to be an established fact.
You can suggest it. However, ftp.exe is also linked with the secure
exception handlers option. How do you divert execution when ftp.exe is
running on a platform with encrypted global pointers? ftp.exe is no
Internet Explorer, either, you cannot arbitrarily load third party DLLs
in it. Why, it doesn't even link shell32.dll or ole32.dll. And I remind
you these are buffer overflows in a text field of an user interface
Rajesh and others like him have been peddling this "vulnerability" for
months if not years. Some security "professionals" should stop fooling
themselves and have the basic honesty to admit their behavior is rather
more fitting of a small-time loan shark or mafia picciotto, if not the
honesty to submit straight away to the vendor what is clearly just a bug
with no strategical security implications
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability reepex (Nov 28)