[vulnwatch] Titan FTP Server Long Command Heap Overflow Vulnerability
www.cnhonker.com
Security Advisory
Advisory Name: Titan FTP Server Long Command Heap Overflow Vulnerability
Release Date: 08/30/2004
Affected version: Titan FTP Server <= 3.21
Author: lion <lion (at) cnhonker (dot) net [email concealed]>
Overview:
A vulnerability has been found in Titan FTP Server. The problem is when a user logged in, send a command with 20480 size to target will make a heap overflow.
for example:
"CWD xxxxxxxxxxx..."
"LIST xxxxxxxxxxx..."
"STAT xxxxxxxxxxx..."
....
www.cnhonker.com
Security Advisory
Advisory Name: Titan FTP Server Long Command Heap Overflow Vulnerability
Release Date: 08/30/2004
Affected version: Titan FTP Server <= 3.21
Author: lion <lion (at) cnhonker (dot) net [email concealed]>
Overview:
A vulnerability has been found in Titan FTP Server. The problem is when a user logged in, send a command with 20480 size to target will make a heap overflow.
for example:
"CWD xxxxxxxxxxx..."
"LIST xxxxxxxxxxx..."
"STAT xxxxxxxxxxx..."
....
Exploit:
PoC exploit attached.
About HUC:
HUC is still alive.
[ reply ]