1565 matches found
CVE-1999-0368
Buffer overflows in wuarchive ftpd wu-ftpd and ProFTPD lead to remote root access, a.k.a. palmetto...
CVE-1999-0368
The CVE-1999-0368 issue involves buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD that can lead to remote root access (palmetto). Red Hat’s entry reiterates the same vulnerability. Nessus plugin 10318 (WU-FTPD Multiple Vulnerabilities) and 10318’s description cite the overflow as enabling...
SDI.exploit4.proftpd.txt
From: Bugtraq List [email protected] on behalf of Thiago/c0nd0r [email protected] Sent: Wednesday, September 15, 1999 12:31 PM To: [email protected] Subject: SDI anonymous remote exploit for proftpd Hello, I've seen some discussion about the possibility of exploiting the newest proft...
proftpd.1.2.0pre6.txt
Tymm Twillman [email protected] Sent: Friday, September 17, 1999 2:15 PM Subject: proftpd 1.2.0pre6 patch Before I release the exploit, I'd like to give people a chance to fix the problem. Here's the patch. Note that there are other potential problems; I've been in contact with MacGyver and a...
proftpd_exploit.txt
Subject: ProFTPD To: [email protected] / !!!! Private .. ... distribute !!!! proftpd-1.2.0 remote root exploit beta2 Still need some code, but it works fine Offset: Linux Redhat 6.0 0 - proftpd-1.2.0pre1 0 - proftpd-1.2.0pre2 0 - proftpd-1.2.0pre3 If this dont work, try changing the align...
proftpd_exploiting_toolkit.txt
Subject: proftpd To: [email protected] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 / babcia padlina ltd. poland, 17/08/99 your ultimate proftpd pre0-3 exploiting toolkit based on: - adm-wuftpd by duke - kombajn do czereśni by Lam3rZ thx for shellcode! thx and greetz. / include include...
ProFTPD NLST Command Argument Handling Remote Overflow
It was possible to crash the remote FTP server by issuing a specially crafted command, such as 'NLST aaaXXXX%u%...%u%u%u%%u%653300u%n' where 'XXXX' is replaced with four characters - ASCII values 0xDC, 0x4F, 0x07 and 0x08. This issue is known to affect ProFTPD version 1.2.0pre6, although other FT...
proftpd_exploit.txt
Subject: SDI anonymous remote exploit for proftpd To: [email protected] Hello, I've seen some discussion about the possibility of exploiting the newest proftpd vulnerability without having the permission to write STOR. Here is the proof. Unlike the last published exploit, this one does not...
FreeBSD_FTP_port_holes.txt
Subject: [email protected]: FreeBSD Security Advisory: FreeBSD-SA-99:03.ftpd REISSUED To: [email protected] [email protected] 2.ems Content-Type: text/plain; charset=us-ascii PGP Signature Status: unknown Signer: Unknown, Key ID xBE7497F1 Signed: 9/15/99 11:30:30 PM...
ProFTPd 1.2 pre6 - snprintf Remote Root
ProFTPd 1.2 pre6 - snprintf Remote Root source: https://www.securityfocus.com/bid/650/info Lack of user input validation in ProFTPD can lead to a remote root vulnerability. On systems that support it ProFTPD will attempt to modify the name of the program being executed argv0 to display the comman...
ProFTPd 1.2 pre6 - 'snprintf' Remote Root
source: https://www.securityfocus.com/bid/650/info Lack of user input validation in ProFTPD can lead to a remote root vulnerability. On systems that support it ProFTPD will attempt to modify the name of the program being executed argv[0] to display the command being executed by the logged on user. ...
ProFTPD mkdir Buffer Overflow
It is possible to crash the remote FTP service by creating a large number of nested directories with names no longer than 255 chars. This issue is known to affect ProFTPD, although other FTP servers may be affected as well. It is likely that a remote attacker can leverage this issue to execute...
ProFTPD 1.2.0pre4 mkdir Command Directory Name Handling Remote Overflow
It was possible to crash the remote FTP server by creating a large number of nested directories and then trying to upload a file. This issue is known to affect ProFTPD, although other FTP servers may be affected as well. It is likely that a remote attacker can leverage this issue to execute...
CVE-1999-0911
Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories...
ProFTPd 1.2 pre1pre2pre3pre4pre5 - Remote Buffer Overflow (2)
ProFTPd 1.2 pre1pre2pre3pre4pre5 - Remote Buffer Overflow 2 // source: https://www.securityfocus.com/bid/612/info The vulnerability in 1.2pre1, 1.2pre3 and 1.2pre3 is a remotely exploitable buffer overflow, the result of a sprintf in the logxfer routine in src/log.c. The vulnerability in 1.2pre4 ...
ProFTPd 1.2 pre1/pre2/pre3/pre4/pre5 - Remote Buffer Overflow (2)
// source: https://www.securityfocus.com/bid/612/info The vulnerability in 1.2pre1, 1.2pre3 and 1.2pre3 is a remotely exploitable buffer overflow, the result of a sprintf in the logxfer routine in src/log.c. The vulnerability in 1.2pre4 is a mkdir overflow. The name of the created path can not...
ProFTPd 1.2 pre1pre2pre3pre4pre5 - Remote Buffer Overflow (1)
ProFTPd 1.2 pre1pre2pre3pre4pre5 - Remote Buffer Overflow 1 // source: https://www.securityfocus.com/bid/612/info The vulnerability in 1.2pre1, 1.2pre3 and 1.2pre3 is a remotely exploitable buffer overflow, the result of a sprintf in the logxfer routine in src/log.c. The vulnerability in 1.2pre4 ...
ProFTPd 1.2 pre1/pre2/pre3/pre4/pre5 - Remote Buffer Overflow (1)
// source: https://www.securityfocus.com/bid/612/info The vulnerability in 1.2pre1, 1.2pre3 and 1.2pre3 is a remotely exploitable buffer overflow, the result of a sprintf in the logxfer routine in src/log.c. The vulnerability in 1.2pre4 is a mkdir overflow. The name of the created path can not...
[SECURITY] New versions of proftpd fixes buffer overflow
We have received reports that the proftpd package as distributed in Debian GNU/Linux 2.0 is vulnerable to a buffer overflow. Using this vulnerability, known as palmetto, it is possible to gain shell access or otherwise circumvent normal login access and logging mechanisms. This has been fixed in...