[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] ProFtp bufferoverflow.
- To: "'Andreas Gietl'" <a.gietl@xxxxxxxxxx>, "'Frederic Charpentier'" <fcharpentier@xxxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: RE: [Full-Disclosure] ProFtp bufferoverflow.
- From: "Epic" <epic@xxxxxxxxxx>
- Date: Thu, 4 Mar 2004 12:44:44 -0700
Isn't
"The vulnerability is caused due to a boundary error in the ASCII file
transfer component when translating newline characters. This can be
exploited to cause a buffer overflow by uploading and then downloading a
specially crafted file."
And.
"The vulnerability is caused due to two off-by-one errors in the
"_xlate_ascii_write()" function. These can be exploited by sending a
specially crafted "RETR" FTP command with a 1023 bytes long argument
starting with a linefeed character."
Different?
I am not expert, and was wondering If this was actually something new in
the same ASCII File translation.?
Epic
-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Andreas
Gietl
Sent: Thursday, March 04, 2004 11:34 AM
To: Frederic Charpentier; full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] ProFtp bufferoverflow.
Frederic Charpentier <fcharpentier@xxxxxxxxxxxxxxxx> wrote:
maybe the exploit is new - but the vuln is old.
> hi FD,
>
> do you guys knows something about the new proftpd exploit ?
>
> http://secunia.com/advisories/11039/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html