[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] DreamFTP Server 1.02 Buffer Overflow

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] DreamFTP Server 1.02 Buffer Overflow
From: Bill Weiss <houdini@nmt.edu>
Date: Fri, 6 Feb 2004 22:45:33 -0700

badpack3t(badpack3t@security-protocols.com)@Sat, Feb 07, 2004 at 12:29:54AM 
-0500:
> SP Research Labs Advisory x09
> --------------------------------------------
> 
> DreamFTP 1.02 Buffer Overflow
> --------------------------------------------
> Example:
> ---------
> 
> User (192.168.1.101:(none)): %n%n%n
> Connection closed by remote host.
> 
> **Application Crashes**

So, that would be a format string vuln, not a buffer overflow, right?

-- 
Bill Weiss
 
I'm trying to develop responses to things that annoy me that don't
involve the phrases 'nuke the site from orbit', 'I dispatch
assassins', or the word 'smite'.  Not going so well so far.
        -- Claire Bickell

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] DreamFTP Server 1.02 Buffer Overflow
  - From: "Kevin Gerry" <gui@goddessmoon.org>

References:
- [Full-Disclosure] DreamFTP Server 1.02 Buffer Overflow
  - From: "badpack3t" <badpack3t@security-protocols.com>

Prev by Date: [Full-Disclosure] DreamFTP Server 1.02 Buffer Overflow
Next by Date: Re: [Full-Disclosure] DreamFTP Server 1.02 Buffer Overflow
Previous by thread: [Full-Disclosure] DreamFTP Server 1.02 Buffer Overflow
Next by thread: Re: [Full-Disclosure] DreamFTP Server 1.02 Buffer Overflow
Index(es):
- Date
- Thread