[14244] in bugtraq
Re: Extending the FTP "ALG" vulnerability to any FTP client
daemon@ATHENA.MIT.EDU (Dug Song)
Sat Mar 11 18:59:54 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSO.4.10.10003111557110.9857-100000@funky.monkey.org>
Date: Sat, 11 Mar 2000 16:05:45 -0500
Reply-To: Dug Song <dugsong@MONKEY.ORG>
From: Dug Song <dugsong@MONKEY.ORG>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <38C8C8EE.544524B1@enternet.se>
On Fri, 10 Mar 2000, Mikael Olsson wrote:
> I'm theorizing. But that's what I did with the FTP PASV
> attack aswell, and right enough, less than a day later reports
> came dropping in, and a few days after that Dug Song had written
> a generic proof-of-concept hack. Care to type up another one?
since you asked so nicely. :-)
http://www.monkey.org/~dugsong/ftpd-ozone.c.txt
reverse firewall penetration is really nothing new, though...
-d.
---
http://www.monkey.org/~dugsong/
