Full Disclosure mailing list archives
Re: DreamFTP Server 1.02 Buffer Overflow
From: Bill Weiss <houdini () nmt edu>
Date: Fri, 6 Feb 2004 22:45:33 -0700
badpack3t(badpack3t () security-protocols com)@Sat, Feb 07, 2004 at 12:29:54AM -0500:
SP Research Labs Advisory x09 -------------------------------------------- DreamFTP 1.02 Buffer Overflow -------------------------------------------- Example: --------- User (192.168.1.101:(none)): %n%n%n Connection closed by remote host. **Application Crashes**
So, that would be a format string vuln, not a buffer overflow, right?
--
Bill Weiss
I'm trying to develop responses to things that annoy me that don't
involve the phrases 'nuke the site from orbit', 'I dispatch
assassins', or the word 'smite'. Not going so well so far.
-- Claire Bickell
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- DreamFTP Server 1.02 Buffer Overflow badpack3t (Feb 06)
- Re: DreamFTP Server 1.02 Buffer Overflow Bill Weiss (Feb 06)
- Re: DreamFTP Server 1.02 Buffer Overflow Kevin Gerry (Feb 06)
- Re: DreamFTP Server 1.02 Buffer Overflow Berend-Jan Wever (Feb 11)
- Re: DreamFTP Server 1.02 Buffer Overflow Bill Weiss (Feb 06)