From: Marcell Fodor (m.fodormail.datanet.hu)
Date: Wed Apr 24 2002 - 15:13:23 CDT

    Kerberos4 ftp client is a simple ftp client, with the
    extensions defined by RFC 2228.
    When authentication fails with AUTH, the client will use
    the USER/PASS commands, as other ones do.

    A bug in the code may cause a heap overflow which leads to
    remote code execution.
    The overflow occurs when the server responds to the client's
    request for passive mode. If the server
    responds with a long reply in place of the IP and port,
    the pasv buffer will overflow.

    Affected version: 4-1.1.1

    The real danger: an ftp server can simply be modified to
    recognize Kerberos4 ftp client by its protocol. You know
    the rest.

    Details and exploit code: mantra.freeweb.hu

    Marcell Fodor
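
A bounds-checked way to parse the passive-mode reply described above, as an added example (not the Kerberos4 ftp client's code and not part of the original post). The function names and the parenthesised `227 ... (h1,h2,h3,h4,p1,p2)` reply form are assumptions; the parser reads the reply in place and writes only into fixed-size outputs, so an overlong reply is rejected instead of copied.

```c
#include <stddef.h>
#include <string.h>

/* Parse one decimal field of 1-3 digits in the range 0..255.
 * Advances *p past the digits; returns -1 on malformed input. */
static int parse_octet(const char **p)
{
    int value = 0, digits = 0;
    while (**p >= '0' && **p <= '9') {
        if (++digits > 3)
            return -1;              /* overlong field: reject */
        value = value * 10 + (**p - '0');
        (*p)++;
    }
    return (digits == 0 || value > 255) ? -1 : value;
}

/* Hypothetical helper: extract h1,h2,h3,h4,p1,p2 from a 227 reply.
 * Nothing is copied into an intermediate buffer, so reply length
 * cannot overflow anything. Returns 0 on success, -1 otherwise. */
int parse_pasv_reply(const char *reply, unsigned char host[4],
                     unsigned short *port)
{
    int field[6];
    const char *p;

    if (reply == NULL || strncmp(reply, "227", 3) != 0)
        return -1;
    p = strchr(reply, '(');
    if (p == NULL)
        return -1;
    p++;
    for (int i = 0; i < 6; i++) {
        field[i] = parse_octet(&p);
        if (field[i] < 0)
            return -1;
        if (*p != (i < 5 ? ',' : ')'))
            return -1;              /* wrong separator or trailing junk */
        p++;
    }
    /* Commit outputs only after the whole reply has validated. */
    for (int i = 0; i < 4; i++)
        host[i] = (unsigned char)field[i];
    *port = (unsigned short)(field[4] * 256 + field[5]);
    return 0;
}
```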