supergateat_private wrote:
[snip stuff]
> Summary
> Possible buffer overflow in windows ftp client...

Ok, and what do you gain by this?
Also see previous threads (yes they are a while ago) "ftp.exe buffer overflow" and "FTP.exe risk:low" about some other bugs in the ftp client (format string bugs).

> Thats it... if we will find the time we will prolly work on it.
>
> Conclusion
> So is prolly possible execute code in the system, and for sure crash the
> client (will ever be useful:P?)

Looks like it's exploitable yes (EIP=0x61616161 with lots of 'aaaaa')... but why would you try to exploit if you don't gain anything by this (ok except for learning how to write exploits)...

1. ftp.exe runs with normal user privileges (local exploit gains nothing), if it would run with higher privileges you have a problem anyway.
2. it's not remotely exploitable (I've never heard of a browser launching ftp.exe and sending the commands), and I assume "let the victim type the exploitcode in ftp.exe" isn't a remote exploit :P

Anyway, if you like client side bugs you could better search for something like server sending "evilstuff" to client which causes (for example) an overflow. In that case you could write a remote exploit... _that_ would be a security bug

Cya,
Syzop.

This archive was generated by hypermail 2b30 : Thu Nov 01 2001 - 11:26:10 PST