Re: def-2001-31

From: johncybpkat_private
Date: Tue Nov 06 2001 - 02:07:46 PST


    hi,
    
    In addition to Defcom's posting about the buffer overflow in WS_FTP 2.03,
    I can confirm this for the WS_FTP 1.05 version (maybe minor version too...).
    
    IPSWITCH always releases patches for both versions 1.x and 2.x, coz it seems
    the versions are maintained separately.
    
    As IPSWITCH hasn't released a fix for the 1.05 version yet, I thought it
    should be mentioned here.
    
    I had to enter 463 bytes after the STAT command to stop the service running.
    
    Because the overflow is dependent on the size of the name of the server, this
    will differ on other systems. A good playground to test the bo is between 460
    and 500 bytes.
    
    With some handiwork, I got the Defcom exploit code running, but luckily not
    so easy that every script kid can exploit it remotely.
    
    cheers
    
    johnny
    
    


