Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2

From: W.H.J.Pinckaers (W.H.J.Pinckaersat_private)
Date: Wed Sep 29 1999 - 05:00:32 PDT

Next message: Team Asylum: "Team Asylum: Yahoo! Messenger DoS"

Previous message: Jeremy Buhler: "Re: [EuroHaCk] Linux 2.2.x ISN vulnerability (fwd)"
Next in thread: Bill Pemberton: "Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

sq01at_private <sq01at_private> Wrote

>Hi,
> >
> >Short of disabling ftpd completely, is there a work-around that will not
> >affect our users ?
> >


At this time: NO, but please make sure you are vulnerable first, we
did discover that this bug is very specific for AIX 4.3.2. (Most other
AIX versions aren't vulnerable to this particular bug)

You can check this by running something like:
perl -e 'print "A" x 5000' | nc -v -v aix 21
(effectivly sending a long string to the aix ftpd)
if this returns immediatly (ftpd dies) you are vulnerable if it returns a
lot of 500 AAAAAAA... unknown command or something like that
errors you are NOT vulnerable.

Greetz
    dvorak (@synnergy.net // @hit2000.org)

Next message: Team Asylum: "Team Asylum: Yahoo! Messenger DoS"
Previous message: Jeremy Buhler: "Re: [EuroHaCk] Linux 2.2.x ISN vulnerability (fwd)"
Next in thread: Bill Pemberton: "Re: Fw: Remote bufferoverflow exploit for ftpd from AIX 4.3.2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:05:48 PDT