Re: lame ms-ftp large file creation bug

From: exon (exon_at_home.se)
Date: 11/13/03

  • Next message: upb: "Re: ms03-049 exploit xp sp0" 
    Date: Thu, 13 Nov 2003 01:14:16 +0100
To: vuln-dev@securityfocus.com

    Actually, I don't think the RFC specifies what to do when appending to a
    non-existant file, or appending beyond a files size. I can imagine this
    was left to programmers to deal with as best they can. I guess Microsoft
    did just that ...

    /Andreas

    Dave Korn wrote:

    > ----- Original Message -----
    > From: "wirepair" <wirepair@roguemail.net>
    > To: <vuln-dev@securityfocus.com>
    > Sent: Sunday, November 09, 2003 12:45 AM
    > Subject: lame ms-ftp large file creation bug
    >
    >
    >> lo all,
    >> bug or feature:
    >
    >
    > Defined feature of the FTP protocol, and should in no way be unique to
    > MS. Do you understand what REST does? It tells the server that you're
    > sending *part* of a file, starting from your chosen position within the
    > file. In this case you tell it that you're sending part of an enormous
    > file, starting from the 99999999999999999th byte. When it starts to
    > receive the data you send, it tries to create a file that size and start
    > appending the data at that position. Ok, somewhere along the line, the
    > value gets incorrectly limited to 2gig (signed int maths), but basically
    > the ftp server is doing exactly what you were crazy enough to ask it to!
    >
    > DaveK
    >
    > _________________________________________________________________
    > It's fast, it's easy and it's free. Get MSN Messenger today!
    > http://www.msn.co.uk/messenger
    >
    >
    > 

    -- 
If riding in a plane is flying, then riding in a boat is swimming.
If you want to experience the element; get out of the vehicle!
  • Next message: upb: "Re: ms03-049 exploit xp sp0"