Windows 95/NT War FTPD 1.65 Buffer Overflow

From: Aleph One (aleph1at_private)
Date: Wed Feb 04 1998 - 10:49:42 PST


    From rootshell:
    
    ---------- Forwarded message ----------
    Windows 95/NT War FTPD 1.65 Buffer Overflow
    -------------------------------------------
    
    The popular War FTPD daemon for Windows 95 and NT contains a very bad buffer
    overflow that allows for remote users to execute code on your stack or simply
    crash the ftp server.
    
    The overflow exists in many places including the USER and PASS phase.  To
    exploit War FTPD you must connect to the FTP server (port 21) and issue the
    following command :
    
    USER xxxxxxxxxxxxxxxxxxxxxxxxxxxxx (very long string)
    
    or
    
    PASS xxxxxxxxxxxxxxxxxxxxxxxxxxxxx (very long string)
    
    At this point the FTP daemon will crash.  We at Rootshell are not Windows
    users and did not have the resources or time to write actual code to execute
    on the stack, however it IS possible.
    
    You may find War FTPD information at http://www.sidenet.com.br/jgaa/
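
An added example, not part of the forwarded advisory and not War FTPD's code (which the post does not show): one way a server can parse an FTP command line so that an over-long USER or PASS argument is rejected before any copy takes place. The function name, the enum and the 64-byte argument limit are assumptions made for illustration; 500 and 501 are the RFC 959 syntax-error reply codes.

```c
#include <stdio.h>
#include <string.h>

#define FTP_MAX_VERB 4    /* USER, PASS, QUIT, ... */
#define FTP_MAX_ARG  64   /* assumed policy limit, not a War FTPD value */
enum ftp_parse { FTP_OK = 0, FTP_TOO_LONG = 500, FTP_BAD_SYNTAX = 501 };

/* Parse one received line of `len` bytes (not necessarily NUL-terminated).
 * verb must hold FTP_MAX_VERB+1 bytes, arg FTP_MAX_ARG+1 bytes. Every length
 * is checked before a byte is copied; the pattern to avoid is an unbounded
 * copy such as sscanf(line, "USER %s", user) into a fixed stack array. */
enum ftp_parse ftp_parse_line(const char *line, size_t len, char *verb, char *arg)
{
    const char *sp;
    size_t vlen, alen;

    verb[0] = arg[0] = '\0';
    while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
        len--;                                  /* strip CRLF or bare LF */
    if (len == 0 || memchr(line, '\0', len) != NULL)
        return FTP_BAD_SYNTAX;                  /* empty line or embedded NUL */

    sp = memchr(line, ' ', len);
    vlen = sp ? (size_t)(sp - line) : len;
    if (vlen == 0 || vlen > FTP_MAX_VERB)
        return FTP_BAD_SYNTAX;
    alen = sp ? len - vlen - 1 : 0;
    if (alen > FTP_MAX_ARG)
        return FTP_TOO_LONG;                    /* reject, never truncate-and-copy */

    memcpy(verb, line, vlen);
    verb[vlen] = '\0';
    if (alen > 0)
        memcpy(arg, sp + 1, alen);
    arg[alen] = '\0';
    return FTP_OK;
}

int main(void)
{
    char verb[FTP_MAX_VERB + 1], arg[FTP_MAX_ARG + 1];
    char big[600];                              /* constructed over-long login line */

    memset(big, 'x', sizeof big);
    memcpy(big, "USER ", 5);
    printf("%d\n", ftp_parse_line("USER anonymous\r\n", 16, verb, arg));
    printf("%d\n", ftp_parse_line(big, sizeof big, verb, arg));
    return 0;
}
```

Logging each FTP_TOO_LONG result together with the peer address gives operators a record of attempts against the login phase.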
    


