Vulnerability Development mailing list archives

Re: compress(vul) + ftpd(?)


From: HypH <hyphen () go2 pl>
Date: Thu, 7 Mar 2002 16:30:58 +0100

On Thu  7. March 2002 15:18, H D Moore wrote:
> YES. wu-ftpd will call compress with the file name as an argument if you
> request the file name ending in .Z. You have to be able to write out a file
> name containing the shell code to exploit the bug.

The problem is that the file has to be 1100 chars long, with the shellcode
within. But wu-ftpd doesn't allow/handle such long filenames.

> I mentioned the compress bug back in 1998 and again in 2000, it finally
> got fixed on some of the newer SuSE releases (not sure about Red Hat,
> I don't use it).

Compress in Red Hat 7.1 and 7.2 isn't fixed for this bug.




-- 
+-+-+-+-+-+-+-+-+-+-+-+
Were All Born Original 
Most Die As Copies
+-+-+-+-+-+-+-+-+-+-+-+

