[9333] in bugtraq
Re: WS FTP Server Advisory
daemon@ATHENA.MIT.EDU (Darren Reed)
Thu Feb 4 12:30:25 1999
Date: Thu, 4 Feb 1999 00:29:07 +1100
Reply-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
From: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
X-To: marc@EEYE.COM
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <029601be4ef0$538a9060$abd40018@CORE> from "Marc" at Feb 2,
99 01:09:21 pm
[...]
> AAAAAAAAAAAAAAAA
> Connection to host lost.
>
> The iFtpSvc.exe (Server Exe) process has now exited and therefore the
> WS_FTP Server will no longer respond. There is no error displayed on
> screen nor is the event log written to. The smallest amount of characters
> needed it 876. So sending "cwd b" where b > 875 will crash the remote
> server.
Evidence of an overflow of some sort. The question I'm interested
in knowing the answer to is how easy is it to exploit this to obtain
a remote session or system access ? Presumably starting up a
"command" window is not the answer here :-)
darren
