Bugtraq mailing list archives
CesarFTPd, Cerberus FTPd
From: "Wizdumb" <wizdumb () pobox co za>
Date: Wed, 4 Jul 2001 10:48:46 +0200
Hi all, Long arguments for USER, PASS, PORT, DELE, REST, RMD, and MKD (perhaps others as well) sent to CesarFTPd (www.aclogic.com) will cause a stack overflow. I e-mailed the vendor almost 2 weeks ago and have recieved no response. :-/ Cerberus FTPd (mentioned in some-one's BugTraq post earlier - I forget who), has a couple of other overflows which weren't mentioned (PASS <long>, PASV\n x (lots), etc) and this vendor is also irresponsive. It seems that developers who make free software for the Win32 platform tend to believe that because their product is free, they don't have to maintain it at all, nor release source so that other people can. :-/ Anyway, these two daemons should be considered insecure - don't run them. Cheers, Andrew Lewis -- wizdumb at leet dot org http://www.mdma.za.net/fk
Current thread:
- CesarFTPd, Cerberus FTPd Wizdumb (Jul 04)