[Full-Disclosure] Serv-U 4.1 Memory Corruption / Whatever

Well, I didn't have the time to fully analyze it yet, but by using a fuzzer to check Serv-U, I found something that crashed it using bad data in SITE CHMOD. This is not the already discovered vulnerability, cause it can be used without write access, the crash occurs before permissions are even...

RhinoSoft Serv-U FTPd Server 4.x - 'site chmod' Remote Buffer Overflow

include include include include define exploitlength 511 define NOP 'A' define SEHhandleroffset 400 char SEHhandler = "\x41\x41\xEB\x04"; // 3 jmp over next four bytes char retaddress4004 = "\xab\x1c\x5f\x01"; // 1 libeay32.015f1cab char retaddress4100 = "\xcb\x1c\x41\x01"; // 1 ssleay32.01411ccb...

Serv-U FTPD 3.x/4.x ""SITE CHMOD"" Command Remote Exploit

No description provided by source. / ----------------------------------------------------------------------- Servu.c - Serv-U FTPD 3.x/4.x "SITE CHMOD" Command Remote stack buffer overflow exploit Copyright C 2004 HUC All Rights Reserved. Author : lion : [email protected] : http://www.cnhonker.co...

Serv-U FTPD 3.x/4.x "SITE CHMOD" Command Remote Exploit

Exploit for unknown platform in category remote exploits ======================================================= Serv-U FTPD 3.x/4.x "SITE CHMOD" Command Remote Exploit ======================================================= / ----------------------------------------------------------------------...

RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Remote Overflow

/ ----------------------------------------------------------------------- Servu.c - Serv-U FTPD 3.x/4.x "SITE CHMOD" Command Remote stack buffer overflow exploit Copyright C 2004 HUC All Rights Reserved. Author : lion : [email protected] : http://www.cnhonker.com Date : 2004-01-25 : 2004-01-25 v1...

RhinoSoft Serv-U FTPd Server 3/4 - MDTM Command Stack Overflow (2)

// source: https://www.securityfocus.com/bid/9483/info RhinoSoft Serv-U FTP Server is reportedly prone to a buffer overflow. The issue exists when a 'site chmod' command is issued on a non-existant file. If an excessively long filename is specified for the command, an internal buffer will be...

RhinoSoft Serv-U FTPd Server 34 - MDTM Command Stack Overflow (1)

RhinoSoft Serv-U FTPd Server 34 - MDTM Command Stack Overflow 1 // source: https://www.securityfocus.com/bid/9483/info RhinoSoft Serv-U FTP Server is reportedly prone to a buffer overflow. The issue exists when a 'site chmod' command is issued on a non-existant file. If an excessively long filena...

SRT2003-04-02-1735 - Progress PROSTARTUP root owned file read

Secure Network Operations, Inc. http://www.secnetops.com Strategic Reconnaissance Team [email protected] Team Lead Contact [email protected] Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems IDS, Software Security Validation, and...

MacOSX 10.0.X Permissions uncorrectly set

Permissions of /Users/yourname/Desktop which show your desktop is xrwxrwxrwx, allowing every user to read/write on your own Desktop folder. Fix: chmod 755 or chmod 750 /Users/yourname/Desktop Apple have been warned long ago and as of 10.0.4 it is stil not fixed. Les moines...

PerlCal (CGI) show files vulnerability

whizkunde security advisory: PerlCal CGI http://www.whizkunde.org | [email protected] ---------------------------------------------------------- Release date: April 27th 2001 Subject: PerlCal CGI security problem Systems affected: NIX not windows systems running PerlCal CGI script Vendor:...

J-Pilot Permissions Vulnerability

J-Pilot automatically creates a ".jpilot" directory in the user's home directory to store preferences and backed up PalmOS device data. The permissions for this directory are mode 755, and files in the directory are mode 644; this allows anyone with only minimal access to the user's home director...

[SECURITY] New Debian cron packages released

Package: cron Vulnerability: local priviledge escalation Debian-specific: no Vulnerable: yes The version of Vixie Cron shipped with Debian GNU/Linux 2.2 is vulnerable to a local attack, discovered by Michal Zalewski. Several problems, including insecure permissions on temporary files and race...

Trustix security advisory - apache-ssl

Hi Due to a typo in the rpm spec file for apache-ssl, /usr/sbin/httpsd on a Trustix system will be installed with mode 756 instead of 755, making a binary file that will be run by root world writable. It should not be necessary to explain why this is an extremely bad thing. How this bug slipped...

WU-FTPD 2.4.2/2.5 .0/2.6.0/2.6.1/2.6.2 - FTP Conversion

source: https://www.securityfocus.com/bid/2240/info Some FTP servers provide a "conversion" service that pipes a requested file through a program, for example a decompression utility such as "tar", before it is passed to the remote user. Under some configurations where this is enabled a remote us...