Possible Buffer Overflow in CesarFTP

From: Matthew Murphy (mattmurphyat_private)
Date: Fri Aug 30 2002 - 18:34:25 PDT

Next message: Ian Webb: "RE: IE without Images"

Previous message: Matthew Murphy: "FactoSystem CMS Contains Multiple Vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I suspect a buffer overflow vulnerability in CesarFTP (v0.99e tested) that
exists in "server.exe".  When receiving a command that contains a parameter
of about 1200 characters, it drops all of its sessions and server.exe
terminates.  However, the controller restarts the killed process.  I looked
in the event log -- it makes no mention of the lengthy command.  Any ideas?

"The reason the mainstream is thought
of as a stream is because it is
so shallow."
                     - Author Unknown

Next message: Ian Webb: "RE: IE without Images"
Previous message: Matthew Murphy: "FactoSystem CMS Contains Multiple Vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Aug 31 2002 - 19:07:33 PDT