A bug in the Kerberos4 ftp client may cause heap overflow which leads to remote code execution

From: Marcell Fodor (m.fodorat_private)
Date: Wed Apr 24 2002 - 13:13:23 PDT

    Kerberos4 ftp client is a simple ftp client, with the extensions defined by RFC 2228.
    When authentication with AUTH fails, the client will use the USER/PASS commands like other clients.

    A bug in the code may cause a heap overflow which leads to remote code execution.
    The overflow occurs when the server responds to the client's request for passive mode. If the server responds with a long reply in the place of the IP and port, the pasv buffer will overflow.

    Affected version: 4-1.1.1

    The real danger: an ftp server can simply be modified to recognize the Kerberos4 ftp client by its protocol. You know the rest.
    
    Details and exploit code: mantra.freeweb.hu
    
    Marcell Fodor
    


