==============================================================================
MABRY ftp daemon 1.00.047 Security Advisory

If you have any suggestions or comments please send me e-mail:
dr_insane@pathfinder.gr
==============================================================================

Published: July 7, 2003
Revision: 1.0

Severity:
----------
High (Crash FTP server remotely)

1. Summary:
------------
MABRY Ftpd is a simple FTP server. Several buffer overflow conditions were
found that allow someone to crash the server or even execute arbitrary code.
The problem exists with the CWD, STAT, MKD, LIST and RMD commands. By sending
3200 characters next to these commands the server will crash. Let's see...

CWD  * 280   buffer overflow...crash...
LIST * 280   buffer overflow...crash...
MKD  * 280   buffer overflow...crash...
RMD  * 280   buffer overflow...crash...
STAT * 280   buffer overflow...crash...

Temporary solution
------------------
Nothing; update to the next version when it's out.

Disclaimer
---------
The author(s) does(do) not have any responsibility for any malicious use of
this advisory or proof of concept code. The code and the information provided
here are for educational purposes only. The author(s) will NOT be held
responsible for any direct or indirect damages caused by the information or
the code provided here.
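
The Summary attributes the crashes to overlong arguments on CWD, LIST, MKD, RMD and STAT. The C sketch below is an added example, not part of the original advisory and not MABRY's code: a command-line parser that checks the argument length before copying and rejects oversized input instead. The names `ftp_parse_line`, `FTP_VERB_MAX` and `FTP_ARG_MAX`, and the 255-byte limit, are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FTP_VERB_MAX 4    /* longest verb handled here, e.g. "LIST" */
#define FTP_ARG_MAX  255  /* assumed argument limit for this example */

enum ftp_parse { FTP_OK = 0, FTP_BAD_VERB = -1, FTP_ARG_TOO_LONG = -2 };

/* Split one command line ("CWD /pub\r\n") into verb and argument.
 * verb must hold FTP_VERB_MAX + 1 bytes and arg must hold arg_sz bytes.
 * Each field is copied only after its length has been checked. */
static enum ftp_parse ftp_parse_line(const char *line, char *verb,
                                     char *arg, size_t arg_sz)
{
    size_t len = strcspn(line, "\r\n");   /* ignore the line terminator */
    size_t vlen = 0;
    while (vlen < len && line[vlen] != ' ')
        vlen++;
    if (vlen == 0 || vlen > FTP_VERB_MAX)
        return FTP_BAD_VERB;
    for (size_t i = 0; i < vlen; i++) {
        if (!isalpha((unsigned char)line[i]))
            return FTP_BAD_VERB;
        verb[i] = (char)toupper((unsigned char)line[i]);
    }
    verb[vlen] = '\0';

    size_t apos = vlen;
    while (apos < len && line[apos] == ' ')   /* skip the separator */
        apos++;
    size_t alen = len - apos;
    if (alen >= arg_sz)                       /* keep room for the NUL */
        return FTP_ARG_TOO_LONG;              /* server would answer 501 */
    memcpy(arg, line + apos, alen);
    arg[alen] = '\0';
    return FTP_OK;
}

int main(void)
{
    char verb[FTP_VERB_MAX + 1], arg[FTP_ARG_MAX + 1], line[300];
    memcpy(line, "MKD ", 4);          /* constructed overlong request */
    memset(line + 4, 'A', 280);
    line[284] = '\0';
    printf("%d\n", ftp_parse_line("CWD /pub\r\n", verb, arg, sizeof arg));
    printf("%d\n", ftp_parse_line(line, verb, arg, sizeof arg));
    return 0;
}
```

A server using a check like this would answer the oversized request with a 501 reply and keep running, so the same rejection point is also a natural place to log the client address.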