RE: [Full-Disclosure] Re: How to crash a harddisk - the Ipswitch WS_FTP Server way
From: Hugh Mann (hughmann_at_hotmail.com)
Date: 03/24/04
- Previous message: John Sage: "Re: [Full-Disclosure] viruses being sent to this list"
- Maybe in reply to: exon: "[Full-Disclosure] Re: How to crash a harddisk - the Ipswitch WS_FTP Server way"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: exon@home.se Date: Wed, 24 Mar 2004 03:51:12 +0000
>From: exon <exon@home.se>
>This is old news.
>It is also RFC compliant behaviour, even though admitted silly.
You say this is old news. Can you tell me where this WS_FTP server
vulnerability has been published before? I always search google and BugTraq
before posting anything to make sure nothing is old news.
Perhaps you mean that some FTP servers have been known to be vulnerable to
easy creation of arbitrary sized files using REST? So what? How many
programs have been vulnerable to buffer overflows? I don't hear people
complaining about buffer overflow vulnerabilities being old news.
Also, I don't think you fully read my advisory. It says that a user who has
a max total file size limit can create arbitrary sized files. That is, the
user can create a file much larger than the user is allowed to create.
_________________________________________________________________
All the action. All the drama. Get NCAA hoops coverage at MSN Sports by
ESPN. http://msn.espn.go.com/index.html?partnersite=espn
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: John Sage: "Re: [Full-Disclosure] viruses being sent to this list"
- Maybe in reply to: exon: "[Full-Disclosure] Re: How to crash a harddisk - the Ipswitch WS_FTP Server way"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
