Re: compress(vul) + ftpd(?)

From: HypH (hyphenat_private)
Date: Thu Mar 07 2002 - 07:30:58 PST


    On Thu  7. March 2002 15:18, H D Moore wrote:
    > YES.  wu-ftpd will call compress with the file name as an argument if you
    > request the file name ending in .Z. You have to be able to write out a file
    > name containing the shell code to exploit the bug. 
    
    The problem is that the file has to be 1100 chars long, with the shellcode
    within. But wu-ftpd doesn't allow/handle such long filenames.
    
    > I mentioned the compress bug back in 1998 and again in 2000, it finally
    > got fixed on some of the newer SuSE releases (not sure about Red Hat,
    > I don't use it).
    
    Compress in Red Hat 7.1 and 7.2 isn't fixed for this bug.
    
    
    
    
    -- 
    +-+-+-+-+-+-+-+-+-+-+-+
    We're All Born Original
    Most Die As Copies
    +-+-+-+-+-+-+-+-+-+-+-+
    


