Bugtraq mailing list archives
Re: WS FTP Server Advisory
From: avalon () COOMBS ANU EDU AU (Darren Reed)
Date: Thu, 4 Feb 1999 00:29:07 +1100
[...]
AAAAAAAAAAAAAAAA Connection to host lost. The iFtpSvc.exe (Server Exe) process has now exited and therefore the WS_FTP Server will no longer respond. There is no error displayed on screen nor is the event log written to. The smallest amount of characters needed it 876. So sending "cwd b" where b > 875 will crash the remote server.
Evidence of an overflow of some sort. The question I'm interested in knowing the answer to is how easy is it to exploit this to obtain a remote session or system access ? Presumably starting up a "command" window is not the answer here :-) darren
Current thread:
- WS FTP Server Advisory Marc (Feb 02)
- Re: WS FTP Server Advisory Darren Reed (Feb 03)
- distributed security stas lanford (Feb 03)