There is possible remote buffer overflow in atftpd. It has to do with length
of filename which client sends to atftpd server. If you send filename over
~253 bytes, it crashes with segfault. When I attach to process with gdb I
can see it trying to run instruction from EIP 0x41414141. That cant be a
good thing. I've tested this on debian woody. I've creating proof of concept
exploit for it but having few troubles :)
There is possible remote buffer overflow in atftpd. It has to do with length
of filename which client sends to atftpd server. If you send filename over
~253 bytes, it crashes with segfault. When I attach to process with gdb I
can see it trying to run instruction from EIP 0x41414141. That cant be a
good thing. I've tested this on debian woody. I've creating proof of concept
exploit for it but having few troubles :)
later,
Rick Patel
[ reply ]