[25243] in bugtraq


A bug in the Kerberos4 ftp client may cause heap overflow which

daemon@ATHENA.MIT.EDU (Marcell Fodor)
Wed Apr 24 18:39:06 2002

Date: 24 Apr 2002 20:13:23 -0000
Message-ID: <20020424201323.32079.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Marcell Fodor <m.fodor@mail.datanet.hu>
To: bugtraq@securityfocus.com



The Kerberos4 ftp client is a simple ftp client with the extensions
defined by RFC 2228.
When authentication fails with AUTH, the client will use the USER/PASS
commands, as other ones do.

A bug in the code may cause a heap overflow which leads to remote code
execution.
The overflow occurs when the server responds to the client's request
for passive mode. If the server responds with a long reply in the place
of the IP and port, the pasv buffer will overflow.

Affected version: 4-1.1.1

The real danger: an ftp server can simply be modified to recognize the
Kerberos4 ftp client by its protocol. You know the rest.

Details and exploit code: mantra.freeweb.hu

Marcell Fodor
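
Added example, not part of the original post and not the Kerberos4 ftp client's own code: one way a client can parse the passive-mode reply described above without an overflow, by reading the six fields in place with explicit bounds instead of copying the server's text into a fixed-size buffer. The names parse_pasv_reply, struct pasv_addr and PASV_MAX_REPLY are assumptions made for this sketch; the reply layout is the standard "227 ... (h1,h2,h3,h4,p1,p2)" form.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define PASV_MAX_REPLY 128  /* assumed cap; a valid 227 line is far shorter */

struct pasv_addr { unsigned char ip[4]; unsigned short port; };

/* Parse "227 ... (h1,h2,h3,h4,p1,p2)" in place: nothing is copied into a
 * fixed-size buffer, and the reply length and every field are bounded.
 * Returns 0 on success, -1 if the reply is rejected. */
int parse_pasv_reply(const char *reply, size_t len, struct pasv_addr *out)
{
    unsigned long v[6];
    const char *p, *end;
    int i;
    if (!reply || !out || len < 4 || len > PASV_MAX_REPLY)
        return -1;                          /* over-long reply: refuse it */
    if (memcmp(reply, "227 ", 4) != 0 || !(p = memchr(reply, '(', len)))
        return -1;
    end = reply + len;
    p++;
    for (i = 0; i < 6; i++) {
        unsigned long n = 0;
        int digits = 0;
        while (p < end && isdigit((unsigned char)*p) && digits < 3) {
            n = n * 10 + (unsigned long)(*p++ - '0');
            digits++;
        }
        if (digits == 0 || n > 255)
            return -1;                      /* each field is one octet */
        if (p >= end || *p++ != (i < 5 ? ',' : ')'))
            return -1;                      /* wrong or missing delimiter */
        v[i] = n;
    }
    for (i = 0; i < 4; i++)
        out->ip[i] = (unsigned char)v[i];
    out->port = (unsigned short)(v[4] * 256 + v[5]);
    return 0;
}

int main(void)
{
    const char *r = "227 Entering Passive Mode (192,168,1,10,19,137)"; /* constructed */
    struct pasv_addr a;
    if (parse_pasv_reply(r, strlen(r), &a) == 0)
        printf("%d.%d.%d.%d:%d\n", a.ip[0], a.ip[1], a.ip[2], a.ip[3], a.port);
    return 0;
}
```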
