[Full-disclosure] freeftpd MKD buffer overflow etc...

From: barabas mutsonline (barbsie_at_gmail.com)
Date: 11/17/05

  • Next message: Martin Schulze: "[Full-disclosure] [SECURITY] [DSA 898-1] New phpgroupware packages fix several vulnerabilities" 
    Date: Thu, 17 Nov 2005 10:42:38 +0100
To: full-disclosure@lists.grok.org.uk

    Hi,
     I turned off logging on my freeftpd server as a temporary fix for the USER
    problem. Pfew...I felt more comfortable now. 3v17 h4x0r5 won't be able to
    compromise my collection of Adriana Lima pics anymore.
    But...while I was thinking on how to write a l33t3r PoC, I picked my nose,
    and a giant booger fell on my keyboard just whilst I was creating a daily
    directory of pictures. It hit the A-key and send a long MKD string to my
    freeftpd server and crashed it (7 gram booger = +- 1024 A's). Godd4mn! This
    even without turning logging on! SEH was overwritten again.
    I restarted the server and got really mad. Trying to remove the booger from
    between my keys something amazing happened: A very long DELE command was
    send and the server died again.
     I give up. Maybe I'll use scp and blow my nose?
     I'll leave it up to Class101 to write l33t PoC code. His kungfu is better
    and he codes in C, which is l33t3r anyway.
     cheers
     barabas

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

  • Next message: Martin Schulze: "[Full-disclosure] [SECURITY] [DSA 898-1] New phpgroupware packages fix several vulnerabilities"

    Relevant Pages

    • Re: RDP Sessions not "disconnecting"
      ... You can logon to the Console as Admin and Disconnect instead of logging off and this will leave Admin logged on to Synch Act and will leave 2 more Remote slots open. ... The other choice is to disconnect from a normal session as Admin instead of Logging off and when you connect again you will resume your session. ... server based apps - she also hits it from remote. ...
      (microsoft.public.windows.server.sbs)
    • Re: NDR delivery delayed errors keep coming, any advice?
      ... I have turned on the logging as you requested, and when I get a DNR 4.4.7, I ... The sending server tried to ... Delivery status notifications in Exchange Server and in Small Business ... The SMTP logging files are located in ...
      (microsoft.public.windows.server.sbs)
    • Re: Login Errors Seem to indicate we are being hacked?
      ... As an example, my Sonicwall keeps a log that I can read from the regular UI, as well as having the ability to report to a syslog server or e-mail out the log info. ... thing on the box using that authentication package. ... The SMTP or IIS logs should answer everything. ... I'm not familiar with that particular router or its logging capabilities, ...
      (microsoft.public.windows.server.sbs)
    • Re: RDP Sessions not "disconnecting"
      ... and insists remotely loggin on to server verses ... his Desktop to hit these 3rd party apps (ACT, Quickbooks, etc.) when he's on ... RDP connection WITHOUT logging off. ... session there, or at least "disconnected" which i'm thinking uses up one of ...
      (microsoft.public.windows.server.sbs)
    • Re: Exchange 2007 distribution group creation
      ... I checked this and they all have level 1 diagnostic logging. ... your DCs that your Exchange server talks to. ... universal distribution group in exchange management console. ...
      (microsoft.public.exchange.admin)