[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: [vulnwatch] Serv-U MDTM Command Buffer Overflow Vulnerability
From: "bkbll" <bkbll () cnhonker ! net>
Date: 2004-02-26 15:13:00
Message-ID: 20040226144303.22186.qmail () mail ! securityfocus ! com
[Download RAW message or body]
[vulnwatch] Serv-U MDTM Command Buffer Overflow Vulnerability
www.cnhonker.com
Security Advisory
Advisory Name: Serv-U MDTM Command Buffer Overflow Vulnerability
Release Date: 02/26/2004
Affected version: Serv-U < 5.0.0.4
Author: bkbll <bkbll@cnhonker.net>
URL: http://www.cnhonker.com/advisory/serv-u.mdtm.txt
Overview:
The Serv-U is a ftp daemon runs on windows. Serv-U supports a ftp command "MDTM" \
for user changing file time . There is a buffer overflow when a user logged in and \
send a malformed time zone as MDTM argument. This can be remote exploit and gain \
SYSTEM privilege.
Exploit:
When a user logged in, he can send this
MDTM 20031111111111+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA /test.txt
You must have a valid user account and password to exploit it, and you are not \
need WRITE or any other privilege. And even the test.txt,which is the file you \
request, can not be there. :) So you can put your shellcode as the filename.
About HUC:
HUC is still alive.
----------------------------------------------------------
[bkbll@cnhonker.net bkbll]#date +"%%F %%T"
[bkbll@cnhonker.net bkbll]#2004-02-26 23:11:36
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic