Jeremy, Try these - and packetstorm is always worth a try for exploits. http://packetstorm.decepticons.org/advisories/ussr/diewa170/ http://packetstorm.decepticons.org/9903-exploits/warftpd.170b1.passwd.txt http://packetstorm.decepticons.org/0104-exploits/Hexyn-sa-19.txt http://packetstorm.decepticons.org/advisories/b0f/warftpd.c (possibly?) http://packetstorm.decepticons.org/0002-exploits/warftpd-dos.c (possibly?) Richard -----Original Message----- From: Jeremy [mailto:prrthdat_private] Sent: 14 December 2001 15:39 To: pen-testat_private Subject: WarFTPd 1.70.b01.04 Hello all, We have several kiosks in our network that are maintained by a third party vender and which I have no control over. In a recent security audit I discovered that these kiosks are running WarFTPd 1.70.b01.04. The vender uses this to update the kiosks. I noticed that eeye.com found a BOF in this exact version and I am looking for an exploit to prove to management that our vender needs to upgrade the software. Also, are there any other vulnerabilities that I should be aware of for this version of WarFTP. Thanks, Jeremy ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Dec 17 2001 - 09:34:27 PST