| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: epic at hack3r.com (Epic) Subject: ProFtp bufferoverflow. Isn't "The vulnerability is caused due to a boundary error in the ASCII file transfer component when translating newline characters. This can be exploited to cause a buffer overflow by uploading and then downloading a specially crafted file." And. "The vulnerability is caused due to two off-by-one errors in the "_xlate_ascii_write()" function. These can be exploited by sending a specially crafted "RETR" FTP command with a 1023 bytes long argument starting with a linefeed character." Different? I am not expert, and was wondering If this was actually something new in the same ASCII File translation.? Epic -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Andreas Gietl Sent: Thursday, March 04, 2004 11:34 AM To: Frederic Charpentier; full-disclosure@...ts.netsys.com Subject: Re: [Full-Disclosure] ProFtp bufferoverflow. Frederic Charpentier <fcharpentier@...opartners.com> wrote: maybe the exploit is new - but the vuln is old. > hi FD, > > do you guys knows something about the new proftpd exploit ? > > http://secunia.com/advisories/11039/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists