[vulnwatch] Titan FTP Server Long Command Heap Overflow Vulnerability

2004-09-01T00:00:00
ID SECURITYVULNS:DOC:6698
Type securityvulns
Reporter Securityvulns
Modified 2004-09-01T00:00:00

Description

[vulnwatch] Titan FTP Server Long Command Heap Overflow Vulnerability

www.cnhonker.com Security Advisory

Advisory Name: Titan FTP Server Long Command Heap Overflow Vulnerability Release Date: 08/30/2004 Affected version: Titan FTP Server <= 3.21 Author: lion <lion@cnhonker.net>

Overview:

A vulnerability has been found in Titan FTP Server. The problem \ is when a user logged in, send a command with 20480 size to target \ will make a heap overflow.

for example: "CWD xxxxxxxxxxx..." "LIST xxxxxxxxxxx..." "STAT xxxxxxxxxxx..." ....

Exploit:

PoC exploit attached.

About HUC:

HUC is still alive.