|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
WFTPD Pro Server 3.23 Buffer Overflow
From: Joxean Koret (joxeankoret
yahoo.es)
Date: Tue Nov 07 2006 - 03:26:29 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
WFTPD Pro Server 3.23 Buffer Overflow
-------------------------------------
A buffer overflow was found in the APPE command when
passing (as first) a long string
with slashes and/or backslashes. The exploit is
clearly exploitable as overwritting EIP
is quite easy but I'm too lazy...
Attached goes an (unfinished) POC.
Disclaimer
----------
The information in this advisory and any of its
demonstrations is provided "as is" without any
warranty of any kind.
I am not liable for any direct or indirect damages
caused as a result of using the information or
demonstrations provided in any part of this advisory.
---------------------------------------------------------------------------
Contact
-------
Joxean Koret at <<<<<<<<>>>>>>>>yah00<<<<<<dot>>>>>es
______________________________________________
LLama Gratis a cualquier PC del Mundo.
Llamadas a fijos y móviles desde 1 céntimo por minuto.
http://es.voice.yahoo.com
- application/octet-stream attachment: 846879707-bof.py
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]