Bugtraq mailing list archives

Re: WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability

From: alun () TEXIS COM (Alun Jones)
Date: Tue, 2 Nov 1999 20:39:10 -0000


In response to Luck Martins' report of a buffer overflow in 
WFTPD 2.40 and 2.34, we can confirm that this error does 
exist.  Our initial tests suggest that it is more of 
a 'denial-of-service' nature, rather than an exploit 
allowing an attacker to load their own code into memory - 
the access that generates the fault is overwriting a single 
null byte into heap space, rather than stack space.

We've been working on this problem over the weekend, 
coinciding as it has with our intent to release a new 
version, 2.41, early this week.  We are completing 
regression testing and beta testing and will be releasing 
the new version later today.

Alun Jones
President, Texas Imperial Software.

Current thread:

Re: WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability Alun Jones (Nov 02)
- Re: WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability iarce (Nov 04)
- Re: WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability Alberto Soliño (Nov 04)
- Palm Hotsync vulnerable to DoS attack Aviram Jenik (Nov 04)
- RealNetworks RealServer G2 buffer overflow - WORKAROUND (fwd) ah1 () SECURITYFOCUS COM (Nov 04)
- Microsoft Security Bulletin (MS99-047) Aleph One (Nov 04)
- Re-release of Microsoft Security Bulletin MS99-042 Aleph One (Nov 04)