lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue Apr 26 18:31:38 2005
From: shadown at gmail.com (shadown)
Subject: ADV: NetTerm's NetFtpd 4.2.2 Buffer Overflow +
	PoC Exploit

See attached files.
Cheers,
  shadown

-- 
Sergio Alvarez
Security, Research & Development
IT Security Consultant
email: shadown@...il.com

This message is confidential. It may also contain information that is
privileged or otherwise legally exempt from disclosure. If you have
received it by mistake please let us know by e-mail immediately and
delete it from your system; should also not copy the message nor
disclose its contents to anyone. Many thanks.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: exp_netftpd.py
Type: text/x-python
Size: 8257 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050426/b80d10ff/exp_netftpd.py
-------------- next part --------------
Vendor: InterSoft International Inc.
Product: NetTerm
Version: 5.1.1, probably lower versions too
Vulnerability Type: Buffer Overflow
Download Link: http://www.securenetterm.com/pub/nt32511i.exe

Credits:
  Discovered by Sergio 'shadown' Alvarez, while dictating a 'Vuln-Dev on Win32 and Exploits Coding' course.

History:
  Discovered date: 21/04/2005
  Reported: 26/04/2005
  Vendor Response: 26/04/2005
  		This is a known bug that has been reported to our clients.
		Netftpd was a free addition to our NetTerm product, at the request of our clients.
		They were warned to never use netftpd as a general purpose ftp server, and to only use it behind a firewall.
		However, it does still present a potential problem, so we have removed it from the NetTerm distribution.
		Our www site at www.netterm.com and www.securenetterm.com has been updated with a version of NetTerm that does not contain the netftpd.exe program.
		We will also update the What's New page on both web sites for the new release in the next two days.
		Thanks for bringing to to our attention.	  
			Ken
  Patch Release: None
  Public Advisorie: 26/04/2005

Description:
  NetTerm is one of the most used win32 telnet client software.

Vulnerabilitie:
  NetTerm's NetFtpd 4.2.2 has a buffer overflow on authentication. I've just tested 'user' command, but probably other commands are vulnerable too.

Patch:
	None.

WorkAround:
  Don't use it.
  
PoC Exploit:
  Attached is a working exploit for Win2k, any SP.

Powered by blists - more mailing lists