Buffer overflow in Microsoft ftp.exe
From: aT4r InsaN3 (at4r hotmail.com)
Date: Wed Apr 30 2003 - 03:34:21 CDT
There is a buffer overflow in the raw quote command in the Microsoft Windows
XP ftp.exe.
Just type:
quote AAAAAAAAA....[517 chars]...AAAAAAAAAAAA
ftp.exe will crash.
After several checks I was unable to exploit this vulnerability remotely, but
maybe there are other bugs in the way that ftp.exe manages the buffer of
server replies.
An attack scenario can be the following:
A Windows workstation/server that executes commands like this one:
at /next:xxxxxx ftp -s:scriptfile
If an attacker with access to the system is able to modify the scriptfile, he
can modify the script and place an evil command Quote AAAAAA..SHELLCODE...
and execute code with elevated privileges.
Tested in ftp.exe v 5.1.2600.1106 WINXP SP1 Spanish version.
Fix: check file permissions with cacls.
at4r [at] 3wdesign.es Security
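
A defender-side check for the scheduled `ftp -s:scriptfile` scenario in the post above, added here as an example and not part of the original message: it parses `cacls` output for the script file to flag write access by principals outside a trusted set, and flags over-long `quote` lines in the script. The trusted principals, the 256-character threshold, the file path and the sample `cacls` output are constructed assumptions.

```python
import re

# Assumption: only these principals should be able to modify the script file.
TRUSTED = {"BUILTIN\\Administrators", "NT AUTHORITY\\SYSTEM"}
WRITE_RIGHTS = {"F", "C", "W"}  # cacls letters: Full control, Change, Write
MAX_QUOTE_LEN = 256  # assumed lint threshold, well below the 517 chars reported


def writable_by_untrusted(path, cacls_output):
    """Return (principal, right) pairs outside TRUSTED that can modify the file."""
    findings = []
    for line in cacls_output.splitlines():
        entry = line.strip()
        if entry.lower().startswith(path.lower()):
            entry = entry[len(path):].strip()  # first output line carries the path
        if ":" not in entry:
            continue
        principal, rights = entry.rsplit(":", 1)
        rights = re.sub(r"\([A-Z]+\)", "", rights).strip()  # drop (OI)(CI)(IO) flags
        if rights in WRITE_RIGHTS and principal not in TRUSTED:
            findings.append((principal, rights))
    return findings


def long_quote_lines(script_text, limit=MAX_QUOTE_LEN):
    """Return (line_number, argument_length) for quote commands longer than limit."""
    hits = []
    for number, line in enumerate(script_text.splitlines(), 1):
        match = re.match(r"\s*quote\s+(.*)", line, re.IGNORECASE)
        if match and len(match.group(1)) > limit:
            hits.append((number, len(match.group(1))))
    return hits


# Constructed sample input (not taken from the post).
SAMPLE_PATH = "C:\\jobs\\nightly.ftp"
SAMPLE_CACLS = (
    "C:\\jobs\\nightly.ftp BUILTIN\\Administrators:F\n"
    "                    NT AUTHORITY\\SYSTEM:F\n"
    "                    BUILTIN\\Users:C\n"
    "                    Everyone:R\n"
)
SAMPLE_SCRIPT = "open ftp.example.test\nuser backup\nquote " + "A" * 600 + "\nbye\n"

if __name__ == "__main__":
    print(writable_by_untrusted(SAMPLE_PATH, SAMPLE_CACLS))
    print(long_quote_lines(SAMPLE_SCRIPT))
```

The ACL parser handles the simple one-letter rights that `cacls` prints; multi-line special access entries are not interpreted and should be reviewed by hand.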