Vulnerability Development: Re: iis (ftp) 4.0

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: iis (ftp) 4.0

From: Michal Zalewski <lcamtuf () DIONE IDS PL>
Date: Tue, 1 Aug 2000 15:41:06 +0200

On Sun, 30 Jul 2000, Guilherme Mesquita wrote:

hey doods take a look at this:

ftp> quote cd
%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f


Damn, another one. WAKE UP! It's a bug in ftp client! There's even no such
command as 'CD' in ftp protocol... And Micro$oft ftpd daemon simply drops
every command that is too long, but I don't think it crashes.

_______________________________________________________
Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=

By Date By Thread

Current thread:

iis (ftp) 4.0 Guilherme Mesquita (Aug 01)
- Re: iis (ftp) 4.0 Renaud Deraison (Aug 02)
- Re: iis (ftp) 4.0 Marc Maiffret (Aug 02)
- Re: iis (ftp) 4.0 3APA3A (Aug 02)
- Re: iis (ftp) 4.0 Michal Zalewski (Aug 02)
- Re: iis (ftp) 4.0 Juliano Rizzo (Aug 02)