RE: [Full-Disclosure] Re: How to crash a harddisk - the Ipswitch WS_FTP Server way

From: Hugh Mann (hughmann_at_hotmail.com)
Date: 03/24/04

    To: exon@home.se
    Date: Wed, 24 Mar 2004 03:51:12 +0000
    
    

    >From: exon <exon@home.se>
    >This is old news.
    >It is also RFC compliant behaviour, even though admittedly silly.

    You say this is old news. Can you tell me where this WS_FTP server
    vulnerability has been published before? I always search Google and BugTraq
    before posting anything to make sure nothing is old news.

    Perhaps you mean that some FTP servers have been known to be vulnerable to
    easy creation of arbitrary sized files using REST? So what? How many
    programs have been vulnerable to buffer overflows? I don't hear people
    complaining about buffer overflow vulnerabilities being old news.

    Also, I don't think you fully read my advisory. It says that a user who has
    a max total file size limit can create arbitrary sized files. That is, the
    user can create a file much larger than the user is allowed to create.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

