[16022] in bugtraq
Re: AnalogX Proxy DoS
daemon@ATHENA.MIT.EDU (Pavel Machek)
Mon Jul 31 14:59:25 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <20000730211136.A21604@bug.ucw.cz>
Date: Sun, 30 Jul 2000 21:11:36 +0200
Reply-To: Pavel Machek <pavel@UCW.CZ>
From: Pavel Machek <pavel@UCW.CZ>
X-To: labs@FOUNDSTONE.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <2153DBA073F0D311911100B0D01A826F16CC14@206-135-57-166.gw.eni.net>; from labs@FOUNDSTONE.COM on Mon,
Jul 24, 2000 at 08:02:22PM -0700
Hi!
> Severity: Low
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Proof of concept
>
> Sending an FTP "USER" command containing approximately 370 or
> more characters to the proxy server FTP TCP port 21 will crash
> it.
>
> Example #1: nc 192.168.1.2 21 < ftp.txt
>
> Where ftp.txt contains:
> "USER [long string of ~370 chars]@isp.com"
Denial of service only? It does not look so. It looks much more like
possibility to run arbitrary code on your windows machine! Or is
there specific reason why this can't be used to run arbitrary code?
Pavel
PS: It seems to me that many "Denial of Services" for windows machines
are "run arbitrary code" instead. It would be nice if people in
advisories told why their think that "run arbitrary code" is not
possible.
--
I'm pavel@ucw.cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss@linmodems.org
