|
Vulnerability Development
mailing list archives
Re: (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client)
From: supergate () twlc net
Date: Fri, 2 Nov 2001 15:33:24 +0100
----- Original Message -----
From: <foob () return0 net>
To: <supergate () twlc net>
Cc: <vuln-dev () securityfocus com>
Sent: Friday, November 02, 2001 11:36 AM
Subject: (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible
overflow in ms ftp client)
(excuse the formatting, damn cmd.exe cut n paste sucks).
"The instruction at "0x........" referenced memory at "0x41414141".
Maybe a heap overflow. Probably usable to run code. Pointless-factor-10.
As far as i can tell, the remote server doesnt need to exist - it crashes
before the network is used.
i made some test sending string from the server to the client and
nothing.... so i guess its more useless than before
One possible non-pointless use of such client overflows could be if you
can remotely run commands on a machine, say through IIS, but not
upload code. You could use this with some payload to execute
arbitrary code. Probably.
yes this is obiuvsly possible
supergate.
 By Date 
By Thread
Current thread:
| 
Intro
