From: SnakeByte / Eric Sesterhenn (snakebytegmx.de)
Date: Mon May 27 2002 - 13:39:29 CDT

    Hi,

    I am just writing a small set of perl scripts, to test server
    implementations of different protocols against common problems
    ( i.e. Buffer overflow and format strings.. ). The first script is
    against FTP servers, and just stupidly sends stuff to a server,
    verifies if the server crashes and if it does, it reports the problem
    [ www.kryptocrew.de/snakebyte/bed.html ].

    Everything has been tested with Win95, I still wait for my new cpu, so I
    can install a fine sourcemage gnu/linux on my desktop pc too :), so some
    problems might not be caused by the server itself but by the OS.

    The 4 Problems are all not very serious ( maybe the directory traversal
    is ? ) but I don't think that these FTP's are widely used. Most of the
    vendors were informed yesterday. If these bugs are already known I am
    sorry for this mail.
    The FTP's are the ones I found about a week ago at download.com, so maybe
    newer versions exist.

     greetings Eric

    ps:
    greetings to Duke"plzgreetme"CS
    and J for providing beer and playing skat :)

    FtpXQ
     MKD AAAAAAAAAAAAA.....AAAA
     ( longer than 254 chars crashes the server)

    TransSoft's Broker FTP Server 5.0 Evaluation Version
     CWD ...
     CWD ....
     crashes the server ( sometimes with bsod )

    MeteorSoft Meteor FTP 1.2b
     MKD AAAAAAAAAAAAA...AAAA
     STOR AAAAAAAAAAAA...AAAA
     crashes the server

    Texas Imperial Software WFTPD
     CWD ...
     CWD ....
     directory traversal possible

    --
     www.kryptocrew.de/snakebyte/  -- just my stuff
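
A server-side check for the two input classes reported above (overlong MKD/STOR arguments and dot-run CWD arguments), as an added example that is not part of the original post or of the bed scripts. The function and enum names are hypothetical, the 254-character limit is taken from the FtpXQ note, and the code assumes the Win9x behaviour in which a path component of three or more dots climbs more than one directory level.

```c
#include <stdio.h>
#include <string.h>

#define FTP_ARG_MAX 254  /* assumed limit, taken from the FtpXQ note above */

enum ftp_arg_status { ARG_OK = 0, ARG_TOO_LONG, ARG_DOT_RUN, ARG_ESCAPES_ROOT };

/* Validate a CWD/MKD/STOR argument before it is copied into a fixed-size
 * buffer or handed to the filesystem. cur_depth is the number of
 * directories the session currently sits below the FTP root (0 = root). */
enum ftp_arg_status ftp_check_arg(const char *arg, int cur_depth)
{
    if (strlen(arg) > FTP_ARG_MAX)
        return ARG_TOO_LONG;              /* refuse instead of copying */

    /* An absolute path is resolved from the FTP root, not the current dir. */
    int depth = (arg[0] == '/' || arg[0] == '\\') ? 0 : cur_depth;
    const char *p = arg;

    while (*p) {
        while (*p == '/' || *p == '\\') p++;        /* both separators */
        const char *start = p;
        while (*p && *p != '/' && *p != '\\') p++;
        size_t n = (size_t)(p - start);
        if (n == 0) break;                          /* trailing separator */

        if (strspn(start, ".") == n) {              /* component is only dots */
            if (n >= 3) return ARG_DOT_RUN;         /* "...", "....": reject */
            if (n == 2 && --depth < 0) return ARG_ESCAPES_ROOT;
        } else {
            depth++;                                /* ordinary name */
        }
    }
    return ARG_OK;
}

int main(void)
{
    /* Constructed sample arguments, checked from one level below the root. */
    const char *samples[] = { "...", "....", "pub/../..", "../..", "incoming/new" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-14s -> %d\n", samples[i], ftp_check_arg(samples[i], 1));
    return 0;
}
```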