[23081] in bugtraq


Re: def-2001-31

daemon@ATHENA.MIT.EDU (johncybpk@gmx.net)
Thu Nov 8 22:00:31 2001

Date: Tue, 6 Nov 2001 11:07:46 +0100 (MET)
From: johncybpk@gmx.net
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Message-ID: <3768.1005041266@www23.gmx.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

hi,

In addition to Defcom's posting about the buffer overflow in WS_FTP 2.03,
I can confirm this for the WS_FTP 1.05 version (maybe minor versions too...).

IPSWITCH always releases patches for both versions 1.x and 2.x, because it
seems the versions are maintained separately.

As IPSWITCH hasn't released a fix for the 1.05 version yet, I thought it
should be mentioned here.

I had to enter 463 bytes after the STAT command to stop the service
running.

Because the overflow is dependent on the size of the name of the server, this
will differ on other systems. A good playground to test the bo is between 460
and 500 bytes.

With some handy work, I got the Defcom exploit code running, but luckily not
so easily that every script kid can exploit it remotely.

cheers

johnny

-- 
GMX - The communication platform on the Internet.
http://www.gmx.net
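The post's observation (a STAT argument of a few hundred bytes crashes the server, with the exact crash point depending on the host name) gives a defender a simple thing to look for in FTP control-channel logs. The following is an added example, not code from the post or from IPSWITCH; the log line format and the 256-byte alert threshold are assumptions for the example.

```python
import re

# Threshold for alerting. The post reports a crash at 463 bytes and a useful
# range of 460-500, with the exact figure depending on the server's name, so
# the alert threshold sits well below that. The value is an assumption.
STAT_ARG_LIMIT = 256

# Assumed log format: one control-channel command per line, as
# "<date> <time> <client-address> <command> [argument]".
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<src>\S+) (?P<cmd>[A-Za-z]{3,4})(?: (?P<arg>.*))?$"
)


def parse_line(line):
    """Return (timestamp, client, COMMAND, argument) or None if unparseable."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    return m.group("ts"), m.group("src"), m.group("cmd").upper(), m.group("arg") or ""


def find_long_stat(lines, limit=STAT_ARG_LIMIT):
    """Return (timestamp, client, argument length in bytes) for every STAT
    command whose argument is longer than `limit`, the pattern the post describes."""
    hits = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that do not match the assumed format
        ts, src, cmd, arg = parsed
        arg_len = len(arg.encode("latin-1", "replace"))
        if cmd == "STAT" and arg_len > limit:
            hits.append((ts, src, arg_len))
    return hits


# Constructed sample log lines, not taken from the original post.
SAMPLE_LOG = [
    "2001-11-06 11:07:46 10.0.0.5 USER anonymous",
    "2001-11-06 11:07:47 10.0.0.5 STAT incoming",
    "2001-11-06 11:07:50 10.0.0.9 STAT " + "A" * 463,
    "2001-11-06 11:07:51 10.0.0.9 QUIT",
    "### corrupted ###",
]

if __name__ == "__main__":
    for ts, src, n in find_long_stat(SAMPLE_LOG):
        print(f"{ts} {src}: STAT argument of {n} bytes exceeds {STAT_ARG_LIMIT}")
```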

