Vulnerability Development mailing list archives

Re: ProFTPD 1.2.2rc3 Remote Server Vulnerability


From: "U dong-houn" <xploit () hackermail com>
Date: Wed, 05 Dec 2001 16:55:33 +0800

 Have ever experienced such work before me.
 At that time, as well as Proftpd, 
 by format string limitation that is found in wu-ftpd and so on, was mistaking.
 It is that is client limitation that was stupid justly.

 Format string bug happens in ftp client by source.
 You can see this now.

 bash-2.04$ ftp 127.0.0.1
 Connected to 127.0.0.1.
 ...
 Name (127.0.0.1:x82): x82
 331 Password required for x82.
 Password:
 230 User x82 logged in.
 Remote system type is UNIX.
 Using binary mode to transfer files.
 ...
 ftp> site AAAA%x%x%x%x%x%x%x%x%x%x
 500 'SITE AAAA806C1A527FA805164828057650BFFFE9C4BFFFC190455449534141412025782541' not understood.

 ftp> quote AAAA%x%x%x%x%x%x%x%x%x%x
 500 AAAA806C1A627FF805164828057650BFFFE9C4BFFFC190414141417825782578257825 not understood.

 ftp> site AAAA%x%x%x%x%x%x%x%x%n 
 Segmentation fault (core dumped)
 bash-2.04$ 

 Stupid ftp client program may have to be re-formed.
 Desire there is no mistake ...
 If you use a debugging tool, you can see that it has expired in the client.

 --

 by Xpl017Elz

 P.S: Always so ...
      Sorry. I gave up original English.
      Study English since next time. So, make understood other people.
      Thank you for reading unwise writing. ^-^*
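
The client-side pattern behind the session above, as an added example that is not part of the original post and not taken from any ftp client's source. It assumes the client hands the typed line to a printf-family function as the format argument; the function names are hypothetical and the sample line is constructed to match the transcript.

```c
#include <stdio.h>
#include <string.h>

#ifdef SHOW_VULNERABLE
/* Vulnerable pattern (assumed): the typed line IS the format string, so
 * every conversion in it is interpreted against whatever is on the stack. */
static int build_command_unsafe(char *out, size_t n, const char *line)
{
    return snprintf(out, n, line);
}
#endif

/* Corrected pattern: constant format, typed line passed only as data. */
static int build_command_safe(char *out, size_t n, const char *line)
{
    return snprintf(out, n, "%s", line);
}

/* Audit helper: count printf conversion specifications in untrusted text.
 * "%%" is a literal percent sign; a lone trailing '%' is not counted. */
static int count_conversions(const char *s)
{
    int count = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '\0')
            break;
        if (s[1] != '%')
            count++;
        else
            s++;              /* skip the second '%' of "%%" */
    }
    return count;
}

int main(void)
{
    /* Constructed input, same shape as the line typed in the transcript. */
    const char *line = "SITE AAAA%x%x%x%x%x%x%x%x%x%x";
    char buf[128];

    build_command_safe(buf, sizeof buf, line);
    printf("sent as data : %s\n", buf);
    printf("conversions  : %d\n", count_conversions(line));
    return 0;
}
```

Building with `-Wformat -Wformat-security -DSHOW_VULNERABLE` makes gcc and clang flag the non-literal format in the unsafe variant.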

