RE: WarFTPd 1.70.b01.04

From: Demon Internet (lists@hackerimmunity.demon.co.uk)
Date: 12/14/01


From: "Demon Internet" <lists@hackerimmunity.demon.co.uk>
To: "Jeremy" <prrthd@myrealbox.com>, <pen-test@securityfocus.com>
Date: Fri, 14 Dec 2001 20:58:58 -0000

Jeremy,

Try these - and packetstorm is always worth a try for exploits.

http://packetstorm.decepticons.org/advisories/ussr/diewa170/
http://packetstorm.decepticons.org/9903-exploits/warftpd.170b1.passwd.txt
http://packetstorm.decepticons.org/0104-exploits/Hexyn-sa-19.txt
http://packetstorm.decepticons.org/advisories/b0f/warftpd.c (possibly?)
http://packetstorm.decepticons.org/0002-exploits/warftpd-dos.c (possibly?)

Richard

-----Original Message-----
From: Jeremy [mailto:prrthd@myrealbox.com]
Sent: 14 December 2001 15:39
To: pen-test@securityfocus.com
Subject: WarFTPd 1.70.b01.04

Hello all,
  We have several kiosks in our network that are maintained by a third party vendor and which I have no control over. In a recent security audit I discovered that these kiosks are running WarFTPd 1.70.b01.04. The vendor uses this to update the kiosks. I noticed that eeye.com found a BOF in this exact version and I am looking for an exploit to prove to management that our vendor needs to upgrade the software. Also, are there any other vulnerabilities that I should be aware of for this version of WarFTP?

Thanks,
  Jeremy

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
