| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: gary at pointblanksecurity.com (Gary H. Jones II) Subject: PlatinumFTP 1.0.18 remote DoS That software uses an FTP server ActiveX control made by Mabry Software. Any ftp server that uses this activex control is vulnerable. The ActiveX control is the cause of these bugs, not the PlatinumFTP software itself, when I took a look at the software, I noticed it was written in VB5, finding a format string in a program written in VB would be a *very* rare find, so I figured there would be a 3rd party control within the app that was written in C++. I ran it through a debugger, passed a few %s's and watched it crash. The title of the error message is "Mabry Socket Window: PlatinumFTPserverEngine.exe - Application Error", this is what lead to the discovery of the real issue. I downloaded the latest sample/demo of this ActiveX, and it is still vulnerable when you run VBSampleOCX.exe. Available here http://www.mabry.com/ftpserv/index.htm. There has been an advisory released already for this ActiveX control. http://secunia.com/advisories/10608/ -Gary ----- Original Message ----- From: "ports" <ml@...tsonline.net> To: "Gary H. Jones II" <gary@...ntblanksecurity.com> Cc: <full-disclosure@...ts.grok.org.uk> Sent: Saturday, March 12, 2005 1:13 PM Subject: Re: [Full-disclosure] PlatinumFTP 1.0.18 remote DoS > Gary H. Jones II wrote: > > > Reported in 2003 already... classic format string vulnerabilities > > http://www.derkeiler.com/Mailing-Lists/Securiteam/2003-12/0080.html > > Yes, found that one as well. But since I found some additional Strings I > thought it might be interesting to post them :) > > > -gary > > ports > >
Powered by blists - more mailing lists