[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20061107092629.30673.qmail@web23012.mail.ird.yahoo.com>
Date: Tue, 7 Nov 2006 10:26:29 +0100 (CET)
From: Joxean Koret <joxeankoret@...oo.es>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: WFTPD Pro Server 3.23 Buffer Overflow
WFTPD Pro Server 3.23 Buffer Overflow
-------------------------------------
A buffer overflow was found in the APPE command when
passing (as first) a long string
with slashes and/or backslashes. The exploit is
clearly exploitable as overwritting EIP
is quite easy but I'm too lazy...
Attached goes an (unfinished) POC.
Disclaimer
----------
The information in this advisory and any of its
demonstrations is provided "as is" without any
warranty of any kind.
I am not liable for any direct or indirect damages
caused as a result of using the information or
demonstrations provided in any part of this advisory.
---------------------------------------------------------------------------
Contact
-------
Joxean Koret at <<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es
______________________________________________
LLama Gratis a cualquier PC del Mundo.
Llamadas a fijos y móviles desde 1 céntimo por minuto.
http://es.voice.yahoo.com
Download attachment "bof.py" of type "application/octet-stream" (3013 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists