Vulnerability Development: Re: twlc advisory: possible overflow in ms ftp client

[supergate () twlc net]

> > Summary
> > Possible buffer overflow in windows ftp client...
> Ok, and what do you gain by this?
> Also see previous threads (yes they are a while ago)
> "ftp.exe buffer overflow" and "FTP.exe risk:low" about
> some other bugs in the ftp client (format string bugs).
look at the conclusion of the advisory:

Conclusion
So is prolly possible execute code in the system, and for sure crash the
client (will ever be useful:P?) <- should i make it bold?

i wrote the advisory because its a spreaded program not because it was
dangerous:)

> Anyway, if you like client side bugs you could better search for something
> like server sending "evilstuff" to client which causes (for example) an
overflow.
> In that case you could write a remote exploit... _that_ would be a
security bug

ill make some test and send some string from the SERVER to the client to see
if i can crash it up -if i got the time-

cya
supergate.