[16066] in bugtraq
Re: AnalogX Proxy DoS
daemon@ATHENA.MIT.EDU (Iván Arce)
Wed Aug  2 19:41:55 2000
Message-ID:  <3988816A.4EDEBD4C@core-sdi.com>
Date:         Wed, 2 Aug 2000 22:28:27 -0300
Reply-To: Iván Arce <core.lists.bugtraq@CORE-SDI.COM>
From: Iván Arce <core.lists.bugtraq@CORE-SDI.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
	
Pavel Machek wrote:
>
> Hi!
>
> > Severity:               Low
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> > Proof of concept
> >
> >         Sending an FTP "USER" command containing approximately 370 or
> >         more characters to the proxy server FTP TCP port 21 will crash
> >         it.
> >
> >         Example #1: nc 192.168.1.2 21 < ftp.txt
> >
> >         Where ftp.txt contains:
> >         "USER [long string of ~370 chars]@isp.com"
>
> Denial of service only? It does not look so. It looks much more like a
> possibility to run arbitrary code on your Windows machine! Or is
> there a specific reason why this can't be used to run arbitrary code?
>                                                                 Pavel
> PS: It seems to me that many "Denial of Services" for Windows machines
> are "run arbitrary code" instead. It would be nice if people in
> advisories told why they think that "run arbitrary code" is not
> possible.
In the past months I've seen this type of advisory a lot. Apparently
the security people are not taking the time to assess the extent of the
problems they find.
I'd say that almost all buffer overflows, UNLESS stated otherwise,
lead to the possibility to run arbitrary code on the vulnerable machine.
A non-exploitable buffer overflow is generally harder to find than an
exploitable one.
 -ivan
> --
> I'm pavel@ucw.cz. "In my country we have almost anarchy and I don't care."
> Panos Katsaloulis describing me w.r.t. patents at discuss@linmodems.org
--
"Understanding. A cerebral secretion that enables one having it to know
 a house from a horse by the roof on the house,
 Its nature and laws have been exhaustively expounded by Locke,
 who rode a house, and Kant, who lived in a horse." - Ambrose Bierce
==================[ CORE Seguridad de la Informacion S.A. ]=========
Iván Arce
Presidente
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A
email   : iarce@core-sdi.com
http://www.core-sdi.com
Pte. Juan D. Peron 315 Piso 4 UF 17
1038 Capital Federal
Buenos Aires, Argentina.              Tel/Fax : +(54-11) 4331-5402
Casilla de Correos 877 (1000) Correo Central
=====================================================================
--- For a personal reply use iarce@core-sdi.com
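
Added example, not part of the original message and not AnalogX's code: a bounded parser for the FTP "USER" line, showing the length check whose absence the thread suspects behind the crash. The function names, the 128-byte limit and the sample lines are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define USER_MAX 128 /* assumed policy limit; the proxy's real buffer size is not in the post */
enum { PARSE_OK = 0, PARSE_NOT_USER = -1, PARSE_TOO_LONG = -2, PARSE_BAD_CHAR = -3 };

/* Assumed unchecked pattern: char user[256]; strcpy(user, line + 5);
 * A 370-byte argument then writes past user[], which is memory corruption, not only a crash. */
int parse_user_command(const char *line, size_t len, char *out, size_t out_size)
{
    static const char verb[] = "USER ";
    size_t i, arg_len;

    if (out == NULL || out_size == 0) return PARSE_TOO_LONG;
    out[0] = '\0';
    /* Strip the CR LF that terminates an FTP command line. */
    while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
        len--;
    if (len < 5) return PARSE_NOT_USER;
    for (i = 0; i < 5; i++)               /* FTP verbs are case-insensitive */
        if (toupper((unsigned char)line[i]) != verb[i]) return PARSE_NOT_USER;
    arg_len = len - 5;
    /* Measure before copying: reject instead of truncating or overflowing. */
    if (arg_len > USER_MAX || arg_len >= out_size) return PARSE_TOO_LONG;
    for (i = 0; i < arg_len; i++)
        if (!isprint((unsigned char)line[5 + i])) return PARSE_BAD_CHAR;
    memcpy(out, line + 5, arg_len);
    out[arg_len] = '\0';
    return PARSE_OK;
}

/* Constructed sample: "USER " + 370 'A' + "@isp.com\r\n", the shape given in the advisory. */
int demo_oversized_user(void)
{
    char line[5 + 370 + 8 + 2];
    char user[USER_MAX + 1];
    memcpy(line, "USER ", 5);
    memset(line + 5, 'A', 370);
    memcpy(line + 375, "@isp.com\r\n", 10);
    return parse_user_command(line, sizeof line, user, sizeof user);
}

int main(void)
{
    char user[USER_MAX + 1];
    const char ok[] = "USER alice@isp.com\r\n"; /* constructed sample */
    printf("normal: %d\n", parse_user_command(ok, strlen(ok), user, sizeof user));
    printf("oversized: %d\n", demo_oversized_user());
    return 0;
}
```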