Vulnerability Development mailing list archives
Re: ftp.exe buffer overflow ?
From: Lincoln Yeoh <lyeoh () POP JARING MY>
Date: Tue, 13 Feb 2001 01:59:15 +0800
At 08:45 PM 2/11/01 -0500, Michal Zalewski wrote:
On Mon, 12 Feb 2001, Egemen Tas wrote:This bug is different from the ones you mentioned.. This is the bug in MS FTP Client's QUOTE command.MS FTP client is surprisingly similar to BSDish ftp client, containing - for example - some similar strings in its binary. It's been discussed on
but does not pose great security risk.Because ftp.exe runs with the credidentals of currently logged on user.
Right =)
But for windows 9x the currently logged on user is effectively "root" or "administrator" on the local machine. Still it's not as bad as if that ftp client bug was in IE or Netscape - in which case a site could trigger it with less chance of the user noticing. Cheerio, Link.
Current thread:
- Re: ftp.exe buffer overflow ?, (continued)
- Re: ftp.exe buffer overflow ? Egemen Tas (Feb 11)
- Re: ftp.exe buffer overflow ? Perry Harrington (Feb 11)
- Re: ftp.exe buffer overflow ? Michal Zalewski (Feb 11)
- Re: ftp.exe buffer overflow ? Riley Hassell (Feb 15)
- Re: ftp.exe buffer overflow ? Michal Zalewski (Feb 15)
- Re: ftp.exe buffer overflow ? Benjamin Branch (Feb 15)
- Re: ftp.exe buffer overflow ? Bob Monkier (Feb 15)
- Re: ftp.exe buffer overflow ? Ryan Permeh (Feb 16)
- Internet explorer bug or Micromedia Flash bug ? cyber_hunter (Feb 19)
- Re: ftp.exe buffer overflow ? Antti Hakulinen (Feb 15)
- Message not available
- Re: ftp.exe buffer overflow ? Lincoln Yeoh (Feb 13)
- Re: ftp.exe buffer overflow ? Lord Soth (Feb 11)
- Message not available
- Re: /usr/bin/ddate buffer overflow enthh () FLASH NET (Feb 11)
- Re: /usr/bin/ddate buffer overflow Larry W. Cashdollar (Feb 14)