Smallftpd is a simple and small FTP server for Windows. A vulnerability exists in smallftpd v1.02 (http://smallftpd.free.fr/) that allows unauthorized users to browse the root directories and skip the access list.

    CWD \..\..
    250 CWD command successful.

Also, smallftpd v0.99, available for download at http://smallftpd.free.fr too, has multiple vulnerabilities.

Denial of service: just type "%s %s" as the login and the FTP server will crash.

Buffer overflows when a command has a length >280 chars. Example:

    cd AAAAAAAAAA...

These bugs seem to be patched in the latest version.

at4r [at] 3wdesign.es
Security 2003
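The check that refuses a request like `CWD \..\..`, as an added example that is not part of the original post and is not smallftpd's code. It assumes the server tracks each session's directory as a virtual path rooted at "/" (the user's permitted root); `ftp_resolve_cwd` and `FTP_ARG_MAX` are hypothetical names, and the length cap is an assumed value applied before any copy.

```c
#include <stddef.h>
#include <string.h>

#define FTP_ARG_MAX 260   /* assumed cap on a path argument, checked before any copy */

/* Apply one component to the normalized virtual path in out ("/" = user's root). */
static int apply_component(char *out, size_t outlen, const char *c, size_t n)
{
    size_t len = strlen(out);
    if (n == 0 || (n == 1 && c[0] == '.'))
        return 0;                               /* empty or "." changes nothing */
    if (n == 2 && c[0] == '.' && c[1] == '.') {
        if (len <= 1) return -1;                /* ".." at the root: refuse */
        while (len > 1 && out[len - 1] != '/') len--;   /* drop last component */
        if (len > 1) len--;                     /* and its separator */
        out[len] = '\0';
        return 0;
    }
    /* Refuse drive/stream specifiers and a trailing dot or space, which Win32
       path normalization may strip (turning ".. " into ".."). */
    if (memchr(c, ':', n) || c[n - 1] == '.' || c[n - 1] == ' ')
        return -1;
    if (len + (len > 1) + n + 1 > outlen) return -1;    /* refuse, never truncate */
    if (len > 1) out[len++] = '/';
    memcpy(out + len, c, n);
    out[len + n] = '\0';
    return 0;
}

/* Split on both '/' and '\\' so "\..\.." is seen as two ".." components. */
static int walk(char *out, size_t outlen, const char *p)
{
    while (*p) {
        size_t n = strcspn(p, "/\\");
        if (apply_component(out, outlen, p, n) != 0) return -1;
        p += n;
        if (*p) p++;
    }
    return 0;
}

/* Returns 0 and the new virtual directory in out, or -1 if CWD must be refused. */
int ftp_resolve_cwd(const char *cwd, const char *arg, char *out, size_t outlen)
{
    if (outlen < 2 || strlen(arg) >= FTP_ARG_MAX) return -1;
    strcpy(out, "/");
    if (arg[0] != '/' && arg[0] != '\\' && walk(out, outlen, cwd) != 0) return -1;
    return walk(out, outlen, arg);
}
```

The access-list check and the mapping to a real directory should both run on the normalized result, never on the raw argument.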
This archive was generated by hypermail 2b30 : Wed Apr 30 2003 - 08:59:14 PDT