
smallftpd's version 1.0.2 Directory Traversal Vulnerability

From: aT4r InsaN3 <at4r(at)hotmail.com>
Date: Wed Apr 30 2003 - 06:05:27 EDT


Smallftpd is a simple and small FTP server for Windows. A vulnerability exists in smallftpd v 1.02 (http://smallftpd.free.fr/) that allows unauthorized users to browse the root directories and skip the access list.

CWD \..\..
250 CWD command successful.

Also, smallftpd v0.99, available to download at http://smallftpd.free.fr too, has multiple vulnerabilities.

Denial of service: just type "%s %s" as login and the FTP server will crash. Buffer overflows occur when a command has a length >280 chars. Example: cd AAAAAAAAAA... These bugs seem to be patched in the latest version.

at4r [at] 3wdesign.es Security 2003



Received on Wed Apr 30 11:59:24 2003
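An added example, not part of the original post and not smallftpd's code: one way a server can resolve the CWD argument from the session above so that `\..\..` cannot leave the account's root. The names `resolve_virtual`, `to_real_path`, `PathRejected`, the `MAX_ARG_LEN` value and the root `C:\ftp\user` used to exercise it are assumptions.

```python
import ntpath

MAX_ARG_LEN = 255  # assumed cap for this example, not a value from the post


class PathRejected(Exception):
    """The server should answer 550 and leave the session directory unchanged."""


def resolve_virtual(cwd, arg):
    """Resolve a CWD argument against the session's virtual directory.

    Paths are '/'-rooted and relative to the account root; '\\' is treated
    as a separator too, because Windows accepts both.
    """
    if len(arg) > MAX_ARG_LEN or "\x00" in arg:
        raise PathRejected("argument too long or contains NUL")
    arg = arg.replace("\\", "/")
    if ":" in arg:  # drive letters and stream syntax are never valid here
        raise PathRejected("drive or stream syntax")
    parts = [] if arg.startswith("/") else [p for p in cwd.split("/") if p]
    for comp in arg.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if not parts:
                raise PathRejected("climbs above the account root")
            parts.pop()
        elif comp.strip(". ") == "":
            # Windows may drop trailing dots and spaces from a name.
            raise PathRejected("dot/space-only component")
        else:
            parts.append(comp)
    return "/" + "/".join(parts)


def to_real_path(root, virtual):
    """Map a resolved virtual path under root and re-check containment."""
    real = ntpath.normpath(ntpath.join(root, *virtual.strip("/").split("/")))
    base = ntpath.normcase(ntpath.normpath(root))
    folded = ntpath.normcase(real)
    if folded != base and not folded.startswith(base + "\\"):
        raise PathRejected("escapes the account root")
    return real
```

The resolver works on the virtual path only, and the second function repeats the containment check on the real path so that a mistake in either layer is still caught.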

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:38 EDT

