The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Hyperion FTP Server buffer overflow


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Mon, 23 Dec 2002 14:34:44 GMT+1
From: securma massine <[email protected]>
To: [email protected]
Subject: Hyperion FTP Server buffer overflow

--=_NextPart_Caramail_0084201040650484_ID
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

hi

Hyperion FTP Server (http://www.mollensoft.com/ )is a 
powerful, reliable FTP server for Windows 95/98/NT/2000, 
and supports all basic FTP commands, and much more, such as 
passive mode. 
A vulnerability exists in Hyperion Ftp Server (version 
2.8.11)which allows a remote 
user to execute an arbitrary code ,it is a similar 
vulnerability of Enceladus Server Suite 
I believe that the problem reside in the use of Marby 
Socket Window and
 ftpservx.dll 
who does not support dir+(buffer=3D300 byte)
Access violation - code c0000005 (first chance)
eax=3D0012bcbc ebx=3D0012c574 ecx=3D42424242 edx=3D7846f5b5 
esi=3D0012bce4 edi=3D00147ffd
eip=3D42424242 esp=3D0012bc24 ebp=3D0012bc44 iopl=3D0 nv up 
ei pl zr na po nc
cs=3D001b ss=3D0023 ds=3D0023 es=3D0023 fs=3D003b 
gs=3D0000 efl=3D00000246
42424242 ?? ???


made that eip point towards the beginning of our buffer 
makes me think a news methode to backdooring...
it is also noticed that the pass is without encoding 
a:/users/"login "

securma massine
french translation :
http://www.itmaroc.com/modules.php?
name=3DNews&file=3Darticle&sid=3D277
_________________________________________________________ 
Gagne une PS2 ! Envoie un SMS avec le code PS au 61166
(0,35─ Hors co=FBt du SMS)


--=_NextPart_Caramail_0084201040650484_ID--

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2025 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру