[Full-Disclosure] XBOX EvolutionX ftp 'cd' command and telnet 'dir' buffer overflow

From: icbm (icbm_at_0x557.net)
Date: 02/10/04

  • Next message: Daniel H. Renner: "[Fwd: Re: [Full-Disclosure] Virus infect on single user]"
    To: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
    Date: Tue, 10 Feb 2004 11:47:33 +0800
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    XBOX EvolutionX ftp 'cd' command and telnet 'dir' buffer overflow

    Vendor:
    - -------

    http://www.evolutionx.info

    Vulnerable version:
    - -------------------

    Test on EvolutionX 3921 3935, maybe all version of EvolutionX

    Vunlnerablity:
    - --------------

    EvolutionX is a Replacement of Microsoft Dashboard.It has these
    Features:Build in FTP Server, Configurable Menu System, Flash BIOS utility,
    Upgrade Harddisk and Format/Partition easily, Create game backups and
    Build in Trainer menu system.

    1.ftp 'cd' command buffer overflow:

    This issue exists when 'cd' command followed with a long string
    which will freeze the EvolutionX.

    2.telnet 'dir' command buffer overflow:

    This issue exists when 'dir' command followed with a long string
    which will freeze the EvolutionX.In addition, when you type a
    long sting just in command line it also cause EvolutionX freeze.

    Credits:
    - --------

    Jokko from Evolutionx team who fast identified this shit:)
    All guys on irc@0x557.org.
    All guys in venustech who have xbox:)You know who you are:)

    About SST:
    - ----------

    Do we really exist?:)

    - --
    - -------------------------------------------------------------------------
    Web page: www.0x557.org
    My blog: blog.0x557.org/icbm

    My GPG-Key: gpg --keyserver search.keyserver.net --recv-key 0xB527987A
    Key Fingerprint: F990 D012 689B 2B11 6504 75E3 BFCD 4521 B527 987A
    - -------------------------------------------------------------------------
    About SST: Do we really exist?
    - -------------------------------------------------------------------------
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3-nr1 (Windows XP)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iD8DBQFAKFHGv81FIbUnmHoRAt1uAJoCrnWKTEntq5BaSIIWlrMtP2i+VgCghy30
    FvVtiwsjKzMG5+DJ6cPmkEM=
    =GkRR
    -----END PGP SIGNATURE-----

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Daniel H. Renner: "[Fwd: Re: [Full-Disclosure] Virus infect on single user]"

    Relevant Pages