Vulnerability Development: Re: iis (ftp) 4.0

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: iis (ftp) 4.0

From: Renaud Deraison <deraison () CVS NESSUS ORG>
Date: Tue, 1 Aug 2000 15:48:51 +0200

On Sun, 30 Jul 2000, Guilherme Mesquita wrote:

hey doods take a look at this:
ftp> quote cd
%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f
421 Service not available, remote server has closed connection
ftp>


The problem comes from your ftp client, which is vulnerable to malformed
input.

For the Linux ftp client that comes with NetKit-something, in the file
cmds.c, line 1665 there is :

!       if (command(buf) == PRELIM) {

Whereas it should be :

!       if (command("%s", buf) == PRELIM) {


As for the FTP server closing the connection, it's how Microsoft's FTP
server work: if you issue a too long argument, they'll close the
connection at you.


                                -- Renaud

--
Renaud Deraison
The Nessus Project
http://www.nessus.org

By Date By Thread

Current thread:

iis (ftp) 4.0 Guilherme Mesquita (Aug 01)
- Re: iis (ftp) 4.0 Renaud Deraison (Aug 02)
- Re: iis (ftp) 4.0 Marc Maiffret (Aug 02)
- Re: iis (ftp) 4.0 3APA3A (Aug 02)
- Re: iis (ftp) 4.0 Michal Zalewski (Aug 02)
- Re: iis (ftp) 4.0 Juliano Rizzo (Aug 02)