[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] WFTPD Pro Server 3.23 Buffer Overflow

To: Joxean Koret <joxeankoret@xxxxxxxx>
Subject: Re: [Full-disclosure] WFTPD Pro Server 3.23 Buffer Overflow
From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@xxxxxxxxxxx>
Date: Tue, 07 Nov 2006 18:38:39 -0800

And did you email the vendor first?

mailto:bugs@xxxxxxxxx

It's listed on his page you know... and have you given them a chance to 
fix it or are you "too lazy" to give a vendor a chance to fix things 
first before you full-disclosure them?

There are some vendors that yeah.. it's hard to argue that they've not 
been given enough time to fix things...but may I ask you.... did you 
email the vendor first?  At least try to contact them?

In full disclosure, I know him and I've never ever seen him not be 
responsive and jump on a bug report...next time dude.... email is quite 
effective in contacting vendors... especially ones that are responsive, 
if a spam filter swallowed it up ... that's something that we're all 
having to unfortunately deal with these days... and I'll apologize if 
you did try to contact him.  But as I said, historically speaking he's 
always been very responsive.  (as someone said to me the spammers are 
hiring better coders these days...)

Joxean Koret wrote:
> WFTPD Pro Server 3.23 Buffer Overflow
> -------------------------------------
>
> A buffer overflow was found in the APPE command when
> passing (as first) a long string
> with slashes and/or backslashes. The exploit is
> clearly exploitable as overwritting EIP
> is quite easy but I'm too lazy...
>
> Attached goes an (unfinished) POC.
>
> Disclaimer
> ----------
>
> The information in this advisory and any of its
> demonstrations is provided "as is" without any
> warranty of any kind.
>
> I am not liable for any direct or indirect damages
> caused as a result of using the information or
> demonstrations provided in any part of this advisory.
> ---------------------------------------------------------------------------
>
> Contact
> -------
> Joxean Koret at <<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es
>
>
>               
> ______________________________________________ 
> LLama Gratis a cualquier PC del Mundo. 
> Llamadas a fijos y móviles desde 1 céntimo por minuto. 
> http://es.voice.yahoo.com

-- 
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will 
hunt you down...
http://blogs.technet.com/sbs

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] WFTPD Pro Server 3.23 Buffer Overflow
  - From: Joxean Koret

Prev by Date: [Full-disclosure] [ MDKSA-2006:201 ] - Updated pam_ldap packages fix PasswordPolicyReponse coding error
Next by Date: [Full-disclosure] [ MDKSA-2006:202 ] - Updated wv packages fix vulnerabilities
Previous by thread: [Full-disclosure] WFTPD Pro Server 3.23 Buffer Overflow
Next by thread: [Full-disclosure] WarFTPd 1.82.00-RC11 Remote Denial Of Service
Index(es):
- Date
- Thread