smallftpd's version 1.0.2 Directory Traversal Vulnerability

From: aT4r InsaN3 (at4rat_private)
Date: Wed Apr 30 2003 - 03:05:27 PDT


    Smallftpd is a simple and small FTP server for Windows. A vulnerability 
    exists in smallftpd v 1.02 (http://smallftpd.free.fr/) that allows 
    unauthorized users to browse the root directories and skip the access list.
    
    
    CWD \..\..
    250 CWD command successful.
    
    
    Also, smallftpd v0.99, available to download at http://smallftpd.free.fr 
    too, has multiple vulnerabilities.
    
    Denial of service: just type "%s %s" as login and the FTP server will crash.
    Buffer overflows when a command has length >280 chars. Example: cd 
    AAAAAAAAAA...
    
    These bugs seem to be patched in the latest version.
    
    
    at4r [at] 3wdesign.es Security 2003
    
    
    



    This archive was generated by hypermail 2b30 : Wed Apr 30 2003 - 08:59:14 PDT
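
The traversal reported above works because the CWD argument uses backslashes and climbs above the share root. The following is an added example, not code from the original post or from smallftpd: a sketch of how an FTP server could normalise a CWD argument against a virtual root before any access-list check. The function names (resolve_cwd, apply, is_sep) and the virtual-path layout are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Both separators count: the advisory's request used '\', not '/'. */
static int is_sep(char c) { return c == '/' || c == '\\'; }

/* Apply the components of `path` to the virtual path in `out` ("" = root).
   Returns 0, or -1 if a component climbs above the root or is unsafe. */
static int apply(char *out, size_t outlen, const char *path)
{
    while (*path) {
        size_t n = 0, len;
        while (is_sep(*path)) path++;
        while (path[n] && !is_sep(path[n])) n++;
        if (n == 0) break;
        if (n == 1 && path[0] == '.') {            /* "." : stay put */
        } else if (n == 2 && path[0] == '.' && path[1] == '.') {
            char *slash = strrchr(out, '/');
            if (!slash) return -1;                 /* ".." at the root */
            *slash = '\0';
        } else {
            if (memchr(path, ':', n)) return -1;   /* drive letter or stream */
            len = strlen(out);
            if (len + 1 + n + 1 > outlen) return -1;   /* would not fit */
            out[len] = '/';
            memcpy(out + len + 1, path, n);
            out[len + 1 + n] = '\0';
        }
        path += n;
    }
    return 0;
}

/* Resolve a CWD argument against the session's current virtual directory.
   On success `out` holds a clean path such as "/pub/img" or "/". */
int resolve_cwd(const char *cwd, const char *arg, char *out, size_t outlen)
{
    if (outlen < 2) return -1;
    out[0] = '\0';
    /* relative argument: start from cwd; absolute: start from the root */
    if (!is_sep(arg[0]) && apply(out, outlen, cwd) != 0) return -1;
    if (apply(out, outlen, arg) != 0) return -1;
    if (out[0] == '\0') strcpy(out, "/");
    return 0;
}

int main(void) {
    char buf[64];
    printf("%d\n", resolve_cwd("/pub", "\\..\\..", buf, sizeof buf)); /* -1 */
    return 0;
}
```

The server would map the returned virtual path onto the configured share directory and apply the access list to that result, never to the raw argument.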