[30357] in bugtraq
possible remote buffer overflow in atftpd
daemon@ATHENA.MIT.EDU (Rick)
Wed Jun 4 18:30:36 2003
Message-ID: <000f01c32add$ea4fc060$040aa8c0@specialtyrisk.com>
From: "Rick" <rikul@interbee.com>
To: <bugtraq@securityfocus.com>
Date: Wed, 4 Jun 2003 16:11:50 -0500
Hello,
There is a possible remote buffer overflow in atftpd. It has to do with the length
of the filename which the client sends to the atftpd server. If you send a filename over
~253 bytes, it crashes with a segfault. When I attach to the process with gdb I
can see it trying to run an instruction from EIP 0x41414141. That can't be a
good thing. I've tested this on Debian woody. I'm creating a proof of concept
exploit for it but having a few troubles :)
later,
Rick Patel
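
The report concerns the filename field of a TFTP request. The following is an added example, not code from the post or from atftpd: a receiver-side parser for an RFC 1350 read/write request that rejects over-long or unterminated fields instead of copying them unchecked. The 255-byte buffer size and all identifiers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_FILENAME 255 /* assumed destination size, terminator included */
enum { PARSE_OK, PARSE_SHORT, PARSE_BAD_OPCODE, PARSE_UNTERMINATED,
       PARSE_EMPTY_FIELD, PARSE_FIELD_TOO_LONG };

struct tftp_request {
    uint16_t opcode;             /* 1 = RRQ, 2 = WRQ */
    char filename[MAX_FILENAME];
    char mode[16];               /* e.g. "netascii", "octet" */
};

/* Copy one NUL-terminated field: never reads past the datagram, never writes past dst. */
static int copy_field(const uint8_t *p, size_t remaining,
                      char *dst, size_t dst_size, size_t *consumed)
{
    const uint8_t *nul = memchr(p, 0, remaining);
    if (nul == NULL) return PARSE_UNTERMINATED;       /* no terminator inside the packet */
    size_t len = (size_t)(nul - p);
    if (len == 0) return PARSE_EMPTY_FIELD;
    if (len >= dst_size) return PARSE_FIELD_TOO_LONG; /* reject rather than truncate */
    memcpy(dst, p, len + 1);                          /* length checked; copies the NUL too */
    *consumed = len + 1;
    return PARSE_OK;
}

/* Request layout: 2-byte opcode, filename, NUL, mode, NUL. */
int parse_tftp_request(const uint8_t *pkt, size_t pkt_len, struct tftp_request *out)
{
    size_t used = 0;
    if (pkt_len < 4) return PARSE_SHORT;              /* opcode plus two terminators */
    out->opcode = (uint16_t)((pkt[0] << 8) | pkt[1]);
    if (out->opcode != 1 && out->opcode != 2) return PARSE_BAD_OPCODE;
    int rc = copy_field(pkt + 2, pkt_len - 2, out->filename, sizeof out->filename, &used);
    if (rc != PARSE_OK) return rc;
    return copy_field(pkt + 2 + used, pkt_len - 2 - used, out->mode, sizeof out->mode, &used);
}

int main(void)
{
    /* Constructed sample: RRQ for "boot.img" in octet mode. */
    static const uint8_t sample[] = "\0\1boot.img\0octet";
    struct tftp_request req;
    int rc = parse_tftp_request(sample, sizeof sample, &req);
    if (rc == PARSE_OK) printf("file=%s mode=%s\n", req.filename, req.mode);
    return rc;
}
```

A server using a parser like this would answer a non-zero result with a TFTP error packet and drop the request, so an oversized filename never reaches a fixed-size buffer.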