<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Vulnerability Development: Re: iis (ftp) 4.0

Re: iis (ftp) 4.0

From: Renaud Deraison <deraison_at_CVS.NESSUS.ORG>
Date: Tue, 1 Aug 2000 15:48:51 +0200

On Sun, 30 Jul 2000, Guilherme Mesquita wrote:

> hey doods take a look at this:
> ftp> quote cd
> %f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f
> 421 Service not available, remote server has closed connection
> ftp>

The problem comes from your ftp client, which is vulnerable to malformed
input.

For the Linux ftp client that comes with NetKit-something, in the file
cmds.c, line 1665 there is :

! if (command(buf) == PRELIM) {

Whereas it should be :

! if (command("%s", buf) == PRELIM) {

As for the FTP server closing the connection, it's how Microsoft's FTP
server work: if you issue a too long argument, they'll close the
connection at you.

-- Renaud

--
Renaud Deraison
The Nessus Project
http://www.nessus.org

Received on Aug 02 2000

This message: [ Message body ]
Next message: Robert A. Seace: "Re: Securing of systems...."
Previous message: Crawling KingSnake: "ws_ftp pro 6.51 exposes internal IP addresses"
In reply to: Guilherme Mesquita: "iis (ftp) 4.0"
Next in thread: Marc Maiffret: "Re: iis (ftp) 4.0"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos