OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Tamer Sahin (feedbacktamersahin.net)
Date: Fri May 18 2001 - 05:03:22 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    =========================================
    Tamersahin.net Security Announcement
    =========================================
    DEBIAN 2.2 is 2.2r3 FTPD DAEMON BUFFER OWERFLOW
    =========================================

    Release Date:
    ==========
    May 18, 2001

    Severity:
    =======
    High.

    Systems Affected:
    ==============
    Debian 2.2 is 2.2r3 default ftpd daemon Version 6.2/OpenBSD/Linux-0.10.

    Concept:
    =======
    The vulnerability arises when a buffer of aprox. 400 bytes and more is sent
    within
    the ftpd daemon running Debian host header for a SITE request.

    Example:
    =======
    May 18 12:32:46 ts ftpd[677]: ts FTP server (Version 6.2/OpenBSD/Linux-0.10)
    ready.
    May 18 12:32:47 ts ftpd[677]: command: SITE
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAA
    May 18 12:32:47 ts ftpd[677]: <--- 500
    May 18 12:32:47 ts ftpd[677]: 'SITE
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAA': command not understood.
    May 18 12:32:47 ts ftpd[677]: <--- 221
    May 18 12:32:47 ts ftpd[677]: You could at least say goodbye.
    May 18 12:32:47 ts inetd[139]: ftp/tcp server failing (looping), service
    terminated

    Exploit Code:
    ==========
    Not yet.

    Author:
    ======
    Tamer Sahin
    http://www.tamersahin.net
    feedbacktamersahin.net

    Copyright (c) 1995-2001 tamersahin.net