Vulnerability Development: Re:FTP.EXE format string vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re:FTP.EXE format string vulnerability

From: ByteRage <byterage () yahoo com>
Date: Sun, 10 Jun 2001 10:07:34 -0700 (PDT)


It probably *still* doesn't matter much, but I found
that the linux (Redhat 6.0 / Kernel 2.4.2) ftp client
is also vulnerable to format string vulnerabilities :

example :

site %x

NOTE : about my previous post : GET should've been a
command to the server, like RETR or STOR... however,
whether it's a working command or not, the format
string bug still occurs.

__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35 
a year!  http://personal.mail.yahoo.com/

By Date By Thread

Current thread:

FTP.EXE format string vulnerability ByteRage (Jun 10)
- <Possible follow-ups>
- Re:FTP.EXE format string vulnerability ByteRage (Jun 10)
  - Re: FTP.EXE format string vulnerability Jarno Huuskonen (Jun 14)