possible remote buffer overflow in atftpd

From: Rick (rikulat_private)
Date: Wed Jun 04 2003 - 12:31:11 PDT

    Hello,
    
    There is a possible remote buffer overflow in atftpd. It has to do with the
    length of the filename which the client sends to the atftpd server. If you
    send a filename over ~253 bytes, it crashes with a segfault. When I attach
    to the process with gdb I can see it trying to run an instruction from EIP
    0x41414141. That can't be a good thing. I've tested this on Debian woody.
    I've been creating a proof of concept exploit for it but having a few
    troubles :)
    
    later,
    Rick Patel
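
The report ties the crash to the length of the filename the client sends. As an added example (not atftpd's code and not part of the original post), here is a TFTP read/write request parser following the RFC 1350 packet layout that length-checks the filename before copying it into a fixed buffer. `MAX_FILENAME`, the struct, the function name and the return codes are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <string.h>

enum { TFTP_RRQ = 1, TFTP_WRQ = 2 };
#define MAX_FILENAME 200  /* assumed policy limit, not a value from atftpd */
#define MAX_MODE 8        /* "netascii" is the longest RFC 1350 mode name */

enum parse_result { REQ_OK, REQ_SHORT, REQ_BAD_OPCODE, REQ_NAME_UNTERMINATED,
                    REQ_NAME_LENGTH, REQ_MODE_INVALID };

struct tftp_request {
    uint16_t opcode;
    char filename[MAX_FILENAME + 1];
    char mode[MAX_MODE + 1];
};

/* Parse an RRQ/WRQ datagram of len bytes. Each string is located with a
 * bounded memchr and length-checked before it is copied into a fixed buffer. */
enum parse_result parse_request(const unsigned char *pkt, size_t len,
                                struct tftp_request *out)
{
    if (len < 4) return REQ_SHORT;
    out->opcode = (uint16_t)((pkt[0] << 8) | pkt[1]);
    if (out->opcode != TFTP_RRQ && out->opcode != TFTP_WRQ)
        return REQ_BAD_OPCODE;

    const unsigned char *name = pkt + 2;
    size_t remaining = len - 2;
    const unsigned char *nul = memchr(name, 0, remaining);
    if (!nul) return REQ_NAME_UNTERMINATED;     /* no NUL inside the datagram */
    size_t name_len = (size_t)(nul - name);
    if (name_len == 0 || name_len > MAX_FILENAME) return REQ_NAME_LENGTH;
    memcpy(out->filename, name, name_len + 1);  /* copy includes the NUL */

    const unsigned char *mode = nul + 1;
    remaining -= name_len + 1;
    nul = remaining ? memchr(mode, 0, remaining) : NULL;
    if (!nul || nul == mode || (size_t)(nul - mode) > MAX_MODE)
        return REQ_MODE_INVALID;
    memcpy(out->mode, mode, (size_t)(nul - mode) + 1);
    return REQ_OK;
}
```

A server would answer any result other than `REQ_OK` with a TFTP ERROR packet and log the peer address and the rejected length.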
    



    This archive was generated by hypermail 2b30 : Wed Jun 04 2003 - 14:23:20 PDT