Bugtraq mailing list archives
[vulnwatch] Serv-U MDTM Command Buffer Overflow Vulnerability
From: "bkbll" <bkbll () cnhonker net>
Date: Thu, 26 Feb 2004 23:13:00 +0800
[vulnwatch] Serv-U MDTM Command Buffer Overflow Vulnerability www.cnhonker.com Security Advisory Advisory Name: Serv-U MDTM Command Buffer Overflow Vulnerability Release Date: 02/26/2004 Affected version: Serv-U < 5.0.0.4 Author: bkbll <bkbll () cnhonker net> URL: http://www.cnhonker.com/advisory/serv-u.mdtm.txt Overview: The Serv-U is a ftp daemon runs on windows. Serv-U supports a ftp command "MDTM" for user changing file time . There is a buffer overflow when a user logged in and send a malformed time zone as MDTM argument. This can be remote exploit and gain SYSTEM privilege. Exploit: When a user logged in, he can send this MDTM 20031111111111+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA /test.txt You must have a valid user account and password to exploit it, and you are not need WRITE or any other privilege. And even the test.txt,which is the file you request, can not be there. :) So you can put your shellcode as the filename. About HUC: HUC is still alive. ---------------------------------------------------------- [bkbll () cnhonker net bkbll]#date +"%%F %%T" [bkbll () cnhonker net bkbll]#2004-02-26 23:11:36
Current thread:
- [vulnwatch] Serv-U MDTM Command Buffer Overflow Vulnerability bkbll (Feb 26)