[20331] in bugtraq
Re: QPC FTPd Directory Traversal and BoF Vulnerabilities
daemon@ATHENA.MIT.EDU (Xander Teunissen)
Fri Apr 20 00:30:24 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <18127314876.20010418195306@nolifewhatsoever.org>
Date: Wed, 18 Apr 2001 19:53:06 +0200
Reply-To: Xander Teunissen <thejian@nolifewhatsoever.org>
From: Xander Teunissen <thejian@nolifewhatsoever.org>
X-To: Crono <crono@THEPENTAGON.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <002b01c0c7e9$0f7977a0$65ad74a7@hell>
Hehe lol.
C> Hi.
Hi :)
C> żare you sure that exist a buffer overflow on logon secuence?. I don´t know
C> if you tested it from a winnt box or from a win2000 box, but if you tested
C> under winnt, using the "ftp client" of winnt, you are maybe in a mistake
Yeah we're rather sure :P Thanks for the concern though.
Application exception occurred:
App: (pid=1942)
Exception number: c0000005 (access violation)
*----> Task List <----*
1942 Ftpd.exe
Besides, the ftp.exe coming with Win2k needs to be fed a rather large
chunk of data, 1995+ bytes I believe? This particular ftpD needs only
655, as mentioned.
Thejian
--
Best regards,
Thejian mailto:thejian@nolifewhatsoever.org
"Carpe Jugulum: Go for the throat!"
