[UNIX] Kerberos4 FTP Client Found to Contain a Heap Overflow

From: support@securiteam.com
Date: 04/25/02


From: support@securiteam.com
To: list@securiteam.com
Date: Thu, 25 Apr 2002 10:09:13 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  Kerberos4 FTP Client Found to Contain a Heap Overflow
------------------------------------------------------------------------

SUMMARY

Kerberos4 FTP client is a simple FTP client with the extensions defined
by RFC 2228. When authentication with AUTH fails, the client falls back to
the USER/PASS commands, as other clients do. A vulnerability in the code
allows attackers to cause it to execute arbitrary code by overflowing the heap.

DETAILS

Vulnerable systems:
Kerberos4 version 1.1.1

A bug in the code may cause a heap overflow that would lead to remote code
execution. The overflow occurs when the server responds to the client's
request for passive mode. If the server responds with a long reply in
place of the IP and port, the PASV buffer will overflow.
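
For comparison, a bounds-checked parse of the passive-mode reply (added example, not code from krb4 or from this advisory). It assumes the RFC 959 reply form "227 ... (h1,h2,h3,h4,p1,p2)"; parse_pasv and PASV_MAX are hypothetical names, and the sample reply is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PASV_MAX 24  /* "255,255,255,255,255,255" is 23 chars + NUL */

/* Parse "227 ... (h1,h2,h3,h4,p1,p2)"; return 0 if accepted, -1 if rejected.
 * parse_pasv and PASV_MAX are illustrative names, not krb4 identifiers. */
int parse_pasv(const char *reply, unsigned char host[4], unsigned *port)
{
    char buf[PASV_MAX];   /* fixed-size destination for the address field */
    unsigned long v[6];
    const char *lp, *rp;
    char *p, *end;
    size_t len;
    int i;

    if (strncmp(reply, "227", 3) != 0)
        return -1;
    if ((lp = strchr(reply, '(')) == NULL || (rp = strchr(lp, ')')) == NULL)
        return -1;
    len = (size_t)(rp - lp) - 1;
    if (len == 0 || len >= sizeof(buf))   /* server-controlled length */
        return -1;
    memcpy(buf, lp + 1, len);
    buf[len] = '\0';

    for (p = buf, i = 0; i < 6; i++, p = end + 1) {
        if (*p < '0' || *p > '9')         /* no sign, space or empty field */
            return -1;
        v[i] = strtoul(p, &end, 10);
        if (v[i] > 255 || *end != (i < 5 ? ',' : '\0'))
            return -1;
    }
    for (i = 0; i < 4; i++)
        host[i] = (unsigned char)v[i];
    *port = (unsigned)(v[4] << 8 | v[5]);
    return 0;
}

int main(void)
{
    unsigned char h[4];
    unsigned port;
    /* Constructed sample reply; 192.0.2.10 is a documentation address. */
    if (parse_pasv("227 Entering Passive Mode (192,0,2,10,19,137).", h, &port) == 0)
        printf("%d.%d.%d.%d:%u\n", h[0], h[1], h[2], h[3], port);
    return 0;
}
```

The length of the field is checked against the destination size before anything is copied, so an overlong reply is rejected and the outputs are left untouched.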

Vulnerable code:
krb4-1.1.1/appl/ftp/ftp/ftp.c
----------------
int
getreply (int expecteof)
{
