Re: [Full-Disclosure] XBOX EvolutionX ftp 'cd' command and telnet 'dir' buffer overflow

From: Stefan Esser (s.esser_at_e-matters.de)
Date: 02/10/04

    To: icbm <icbm@0x557.net>
    Date: Tue, 10 Feb 2004 09:33:43 +0100
    
    

    Morning

    > XBOX EvolutionX ftp 'cd' command and telnet 'dir' buffer overflow

    Besides the fact that EvolutionX is illegal software, because it is
    compiled against the leaked Microsoft XBOX XDK, your in-depth analysis
    lacks the funniest part:

    You can crash EvolutionX by just connecting to the ftp server and
    supplying a long username:password combination.

    Oh, and unlike your crashes, this one is pre-auth.

    Stefan Esser

    -- 
    --------------------------------------------------------------------------
     Stefan Esser                                        s.esser@e-matters.de
     e-matters Security                         http://security.e-matters.de/
     GPG-Key                gpg --keyserver pgp.mit.edu --recv-key 0xCF6CAE69 
     Key fingerprint       B418 B290 ACC0 C8E5 8292  8B72 D6B0 7704 CF6C AE69
    --------------------------------------------------------------------------
     Did I help you? Consider a gift:            http://wishlist.suspekt.org/
    --------------------------------------------------------------------------
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    
