Date: Tue Apr 26 18:31:38 2005
From: shadown at gmail.com (shadown)
Subject: ADV: NetTerm's NetFtpd 4.2.2 Buffer Overflow + PoC Exploit

See attached files.

Cheers,
shadown
--
Sergio Alvarez
Security, Research & Development
IT Security Consultant
email: shadown@...il.com

This message is confidential. It may also contain information that is
privileged or otherwise legally exempt from disclosure. If you have
received it by mistake please let us know by e-mail immediately and
delete it from your system; you should also not copy the message nor
disclose its contents to anyone.

Many thanks.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: exp_netftpd.py
Type: text/x-python
Size: 8257 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050426/b80d10ff/exp_netftpd.py
-------------- next part --------------
Vendor: InterSoft International Inc.
Product: NetTerm
Version: 5.1.1, probably lower versions too
Vulnerability Type: Buffer Overflow
Download Link: http://www.securenetterm.com/pub/nt32511i.exe

Credits:
Discovered by Sergio 'shadown' Alvarez, while dictating a 'Vuln-Dev on
Win32 and Exploits Coding' course.

History:
Discovered date: 21/04/2005
Reported: 26/04/2005
Vendor Response: 26/04/2005

  This is a known bug that has been reported to our clients. Netftpd
  was a free addition to our NetTerm product, at the request of our
  clients. They were warned to never use netftpd as a general purpose
  ftp server, and to only use it behind a firewall. However, it does
  still present a potential problem, so we have removed it from the
  NetTerm distribution.

  Our www site at www.netterm.com and www.securenetterm.com has been
  updated with a version of NetTerm that does not contain the
  netftpd.exe program. We will also update the What's New page on both
  web sites for the new release in the next two days.

  Thanks for bringing it to our attention.

  Ken

Patch Release: None
Public Advisory: 26/04/2005

Description:
NetTerm is one of the most used win32 telnet client software.

Vulnerability:
NetTerm's NetFtpd 4.2.2 has a buffer overflow on authentication.
I've just tested the 'user' command, but probably other commands are
vulnerable too.

Patch:
None.

WorkAround:
Don't use it.

PoC Exploit:
Attached is a working exploit for Win2k, any SP.