possible remote buffer overflow in atftpd

From: Rick (rikulat_private)
Date: Wed Jun 04 2003 - 14:11:50 PDT

    There is a possible remote buffer overflow in atftpd. It has to do with the
    length of the filename which the client sends to the atftpd server. If you
    send a filename over ~253 bytes, it crashes with a segfault. When I attach
    to the process with gdb I can see it trying to run an instruction from EIP
    0x41414141. That can't be a good thing. I've tested this on Debian woody.
    I'm creating a proof of concept exploit for it but having a few troubles :)
    Rick Patel
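
Added example, not part of the original post and not atftpd's code: a bounds-checked parser for a TFTP read/write request (RFC 1350 layout: 2-byte opcode, NUL-terminated filename, NUL-terminated mode) that rejects an over-long or unterminated filename instead of copying it into a fixed buffer. The names `parse_tftp_request`, `take_field`, `struct tftp_request` and the 255-byte limit are assumptions chosen for illustration, and the sample packet in `main` is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Illustrative limits (assumptions, not atftpd's values). */
#define MAX_FILENAME 255
#define MAX_MODE     8      /* "netascii" is the longest RFC 1350 mode */

struct tftp_request {
    uint16_t opcode;                    /* 1 = RRQ, 2 = WRQ */
    char filename[MAX_FILENAME + 1];
    char mode[MAX_MODE + 1];
};

/* Copy one NUL-terminated field out of buf[*off..len). Returns 0 on success,
 * -1 if the field is empty, unterminated within the packet, or longer than max. */
static int take_field(const uint8_t *buf, size_t len, size_t *off,
                      char *dst, size_t max)
{
    const uint8_t *end = memchr(buf + *off, 0, len - *off);
    if (end == NULL)
        return -1;                      /* no terminator inside the datagram */
    size_t n = (size_t)(end - (buf + *off));
    if (n == 0 || n > max)
        return -1;                      /* empty or over-long: reject, never truncate */
    memcpy(dst, buf + *off, n + 1);     /* n + 1 <= max + 1, the size of dst */
    *off += n + 1;
    return 0;
}

/* Parse an RRQ/WRQ datagram. Returns 0 on success, -1 on any malformed input. */
int parse_tftp_request(const uint8_t *buf, size_t len, struct tftp_request *out)
{
    size_t off = 2;
    if (buf == NULL || out == NULL || len < 4)
        return -1;
    out->opcode = (uint16_t)((buf[0] << 8) | buf[1]);
    if (out->opcode != 1 && out->opcode != 2)
        return -1;
    if (take_field(buf, len, &off, out->filename, MAX_FILENAME) != 0 ||
        take_field(buf, len, &off, out->mode, MAX_MODE) != 0)
        return -1;
    return 0;
}

int main(void) {   /* constructed sample: RRQ for "boot.img", mode "octet" */
    static const uint8_t pkt[] = "\0\1boot.img\0octet";
    struct tftp_request r;
    return parse_tftp_request(pkt, sizeof pkt, &r);
}
```

Every length is derived from the received datagram size and checked against the destination buffer before the copy, so a request like the one described in the post is dropped rather than written past the end of `filename`.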