Vulnerability Development mailing list archives
Re: ftp.exe buffer overflow ?
From: Bob Monkier <bmonkey () OOK OBJECTIONABLE NET>
Date: Thu, 15 Feb 2001 18:19:40 -0700
Oi
I Think that this confirms Mr. Hassell's post. If i were to exploit this on a machine i think it would be easiest done by putting this in the start up somewhere on ethernet based machine. Has then been tested on NT? If so, the only thing that would need to be done is to have this run on start up and then have it add a user with admin privs. I'm not big on writing exploits, so, I could be wrong on this.
I don't have too much experience with NT, but I assume that you would need admin to have it run on startup. A simpler trick would be to hack ring0 access and do it there :) I know for a fact that its harder to do in NT than in win9x, but its not impossible. TTFN BM
Current thread:
- Re: /usr/bin/ddate buffer overflow, (continued)
- Re: /usr/bin/ddate buffer overflow enthh () FLASH NET (Feb 10)
- ftp.exe buffer overflow ? cyber_hunter (Feb 10)
- Re: ftp.exe buffer overflow ? Riley Hassell (Feb 10)
- Re: ftp.exe buffer overflow ? Mike Duncan (Feb 11)
- Re: ftp.exe buffer overflow ? Egemen Tas (Feb 11)
- Re: ftp.exe buffer overflow ? Perry Harrington (Feb 11)
- Re: ftp.exe buffer overflow ? Michal Zalewski (Feb 11)
- Re: ftp.exe buffer overflow ? Riley Hassell (Feb 15)
- Re: ftp.exe buffer overflow ? Michal Zalewski (Feb 15)
- Re: ftp.exe buffer overflow ? Benjamin Branch (Feb 15)
- Re: ftp.exe buffer overflow ? Bob Monkier (Feb 15)
- Re: ftp.exe buffer overflow ? Ryan Permeh (Feb 16)
- Internet explorer bug or Micromedia Flash bug ? cyber_hunter (Feb 19)
- Re: /usr/bin/ddate buffer overflow enthh () FLASH NET (Feb 10)
- Re: ftp.exe buffer overflow ? Antti Hakulinen (Feb 15)
- Message not available
- Re: ftp.exe buffer overflow ? Lincoln Yeoh (Feb 13)
- Re: ftp.exe buffer overflow ? Lord Soth (Feb 11)
- Message not available
- Re: /usr/bin/ddate buffer overflow enthh () FLASH NET (Feb 11)