A bug in the Kerberos4 ftp client may cause heap overflow which leads to remote code execution
From: Marcell Fodor (m.fodor@mail.datanet.hu)Date: 04/24/02
- Previous message: Stefan Walk: "Re: Ikonboard 2.1.9 (possible other versions) Vulnerability when HTML is ON"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 24 Apr 2002 20:13:23 -0000 From: Marcell Fodor <m.fodor@mail.datanet.hu> To: bugtraq@securityfocus.com('binary' encoding is not supported, stored as-is)
Kerberos4 ftp client is a simple ftp client, with the
extensions defined by RFC 2228.
When authentication fails with AUTH, client will use
USER/PASS command as other ones.
A bug in the code may cause a heap overflow which leads to
remote code execution.
The overflow occurs when the server responds to client's
request for passive mode. If the server
responds with a long reply in the place of IP and port,
pasv buffer will overflow.
Affected version: 4-1.1.1
The real danger: an ftp server can simply modified to
recognize Kerberos4 ftp client by it's protocol. You know
the rest.
Details and exploit code: mantra.freeweb.hu
Marcell Fodor
- Previous message: Stefan Walk: "Re: Ikonboard 2.1.9 (possible other versions) Vulnerability when HTML is ON"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
