Hosting Provided By

possible remote buffer overflow in atftpd

From: Rick <rikul(at)interbee.com>
Date: Wed Jun 04 2003 - 15:31:11 EDT

Hello,

There is possible remote buffer overflow in atftpd. It has to do with length of filename which client sends to atftpd server. If you send filename over ~253 bytes, it crashes with segfault. When I attach to process with gdb I can see it trying to run instruction from EIP 0x41414141. That cant be a good thing. I've tested this on debian woody. I've creating proof of concept exploit for it but having few troubles :)

later,
Rick Patel Received on Wed Jun 4 17:30:38 2003

This message: [ Message body ]
Next message: Discussion Lists: "Shellcode questions"
Previous message: chris(at)cmc.optus.net.au: "Frame pointer overwriting and FreeBSD"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:40 EDT