Re: compress(vul) + ftpd(?)

From: H D Moore (hdmat_private)
Date: Thu Mar 07 2002 - 07:57:02 PST

Next message: H D Moore: "Re: My Saturday with Netstumbler..."

Previous message: H D Moore: "Re: SSH2 Exploit?"
Next in thread: HypH: "Re: compress(vul) + ftpd(?)"
Next in thread: H D Moore: "Re: compress(vul) + ftpd(?)"
Reply: HypH: "Re: compress(vul) + ftpd(?)"
Reply: Pavel Kankovsky: "Re: compress(vul) + ftpd(?)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thursday 07 March 2002 09:30 am, HypH wrote:
> On Thu  7. March 2002 15:18, H D Moore wrote:
> > YES.  wu-ftpd will call compress with the file name as an argument if you
> > request the file name ending in .Z. You have to be able to write out a
> > file name containing the shell code to exploit the bug.
>
> The problem is that the file have to be 1100 chars long , with the
> shellcode within. But wu-ftpd doesn`t allow/handle so long filenames.

Hmm.. What about splitting the shellcode into different directories and the 
requesting the full path to the file (directories and all) ending in .Z?

Next message: H D Moore: "Re: My Saturday with Netstumbler..."
Previous message: H D Moore: "Re: SSH2 Exploit?"
Next in thread: HypH: "Re: compress(vul) + ftpd(?)"
Next in thread: H D Moore: "Re: compress(vul) + ftpd(?)"
Reply: HypH: "Re: compress(vul) + ftpd(?)"
Reply: Pavel Kankovsky: "Re: compress(vul) + ftpd(?)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Mar 07 2002 - 09:43:15 PST