| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Nov 2006 10:26:05 +0100 (CET) From: Joxean Koret <joxeankoret@...oo.es> To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk Subject: WFTPD Pro Server 3.23 Buffer Overflow WFTPD Pro Server 3.23 Buffer Overflow ------------------------------------- A buffer overflow was found in the APPE command when passing (as first) a long string with slashes and/or backslashes. The exploit is clearly exploitable as overwritting EIP is quite easy but I'm too lazy... Attached goes an (unfinished) POC. Disclaimer ---------- The information in this advisory and any of its demonstrations is provided "as is" without any warranty of any kind. I am not liable for any direct or indirect damages caused as a result of using the information or demonstrations provided in any part of this advisory. --------------------------------------------------------------------------- Contact ------- Joxean Koret at <<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es ______________________________________________ LLama Gratis a cualquier PC del Mundo. Llamadas a fijos y móviles desde 1 céntimo por minuto. http://es.voice.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists