Date: Mon, 2 Oct 2000 21:42:27 +0200 (SAST)
From: Justin Stanford <jus@security.za.net>
To: Brett Glass <brett@lariat.org>
Cc: Alex Charalabidis <alex@wnm.net>, "Chris D . Faulhaber" <jedgar@fxp.org>, security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Message-ID: <Pine.BSF.4.21.0010022139520.54431-100000@fyre.somcol.co.za>
In-Reply-To: <4.3.2.7.2.20001002125825.00de8f00@localhost>

I tried using ncftp2 to eradicate any bugs in 'ftp' that may be obscuring
problems with 'ftpd'.

>
> ftp> quote %s%s%s%s%s
> 500 '+H|X++_YX++|=B6QUOTE %s%s%s%s%s(null)%s%s%s%s%s': command not understood.

Same response.

> quote %s%s%s%s%s
'%S%S%S%S%S': command not understood.

> Now, let's send a command with more %s format directives to the server:
>
> ftp> quote %s%s%s%s%s%s%s%s%s%s
> (Nothing)
>
> The ftpd process on the server is alive but seems to be hung parsing the command.
> So, something is amiss, but to what extent it is exploitable I can't tell.
> It DOES happen even in 4.1, though.

> quote %s%s%s%s%s%s%s%s%s%s
'%S%S%S%S%S%S%S%S%S%S': command not understood.

Not so here.. a perfectly normal response. This is ftp'ing to localhost on
4.0-STABLE... I can then proceed normally with ftp'ing as well - the server
does not hang.

Regards,
jus