htget-0.9.x stack overflow vulnerability

author: Darkeagle
date: 01.12.04
vendor: http://www.jwhitham.org.uk/op/htget/
status: no patch

overview:

HTGET is a file grabber that will get files from HTTP servers. The aim behind this program is to create a downloader that you can leave running in the background - one that's totally reliable and can cope with just about any problem, and won't stop downloading unless it's forced to.

details:

    ...
    } else if (strncasecmp(argv[I], "--downloadsdir=", 15) == 0) {
        strcpy(DownloadsDir, &argv[I][15]);
    ...

solution:

use wget :)

exploit:

lame local r00t xpl you can find @ exploiterz.org

greetz: all unl0ckerz, nosystemz, ghc'z

(c) Darkeagle [ http://exploiterz.org ]
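
The strcpy() shown under details copies whatever follows --downloadsdir= into DownloadsDir with no length check. A bounded version of that option handler, as an added example (not htget's code and not a vendor patch); the function name parse_downloadsdir, the 256-byte buffer size and the return codes are assumptions:

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp */

#define DOWNLOADS_DIR_MAX 256          /* assumed size; the advisory does not state the real one */
#define OPT_DOWNLOADSDIR  "--downloadsdir="

/*
 * Bounded replacement for:
 *     strcpy(DownloadsDir, &argv[I][15]);
 * Returns  0 if arg was the option and its value was stored in dst,
 *          1 if arg is some other argument (dst untouched),
 *         -1 if the value is empty or does not fit in dst (dst untouched).
 */
int parse_downloadsdir(const char *arg, char *dst, size_t dstsize)
{
    size_t optlen = strlen(OPT_DOWNLOADSDIR);

    if (strncasecmp(arg, OPT_DOWNLOADSDIR, optlen) != 0)
        return 1;

    const char *value = arg + optlen;
    size_t len = strlen(value);

    /* Reject rather than truncate: a silently shortened path would
       send downloads to a directory the user did not ask for. */
    if (len == 0 || len >= dstsize)
        return -1;

    memcpy(dst, value, len + 1);       /* len + 1 copies the terminating NUL */
    return 0;
}

int main(int argc, char **argv)
{
    char DownloadsDir[DOWNLOADS_DIR_MAX] = ".";

    for (int i = 1; i < argc; i++) {
        if (parse_downloadsdir(argv[i], DownloadsDir, sizeof DownloadsDir) == -1) {
            fprintf(stderr, "--downloadsdir= value must be 1..%d bytes\n",
                    DOWNLOADS_DIR_MAX - 1);
            return 2;
        }
    }
    printf("downloads dir: %s\n", DownloadsDir);
    return 0;
}
```

Any other argv-to-buffer copy in the same option parser needs the same length check.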