| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20061107154034.23072.qmail@web23002.mail.ird.yahoo.com> Date: Tue, 7 Nov 2006 16:40:34 +0100 (CET) From: Joxean Koret <joxeankoret@...oo.es> To: "K F \(lists\)" <kf_lists@...italmunition.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: WarFTPd 1.82.00-RC11 Remote Denial Of Service Hi K F, No, I also thought the same but not. Internally (when looking into it with a debugger) the "%s" characters are expanded to something. If you tries the same exploit changing "%s" with, i.e., "%x" it doesn't work. I tried with various other combinations and, strangely, it only works with the "%s" string. -- Regards, Joxean Koret --- "K F (lists)" <kf_lists@...italmunition.com> escribió: > what does %x and %n do? It may just be a format > string problem. > ______________________________________________ LLama Gratis a cualquier PC del Mundo. Llamadas a fijos y móviles desde 1 céntimo por minuto. http://es.voice.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists