MABRY ftpd is vulnerable to buffer overflows that result in a denial of service via the CWD, STAT, MKD, LIST, and RMD commands when more than 3200 bytes are sent.
==============================================================================
MABRY ftp daemon 1.00.047 Security Advisory
If you have any suggestions or comments
please send me e-mail: dr_insane@pathfinder.gr
==============================================================================
Published: July 7, 2003
Revision: 1.0
Severity:
----------
High (Crash FTP server remotely)
1. Summary:
------------
MABRY Ftpd is a simple FTP server. Some buffer overflow conditions were found that allow
someone to crash the server or even execute arbitrary code. The problem
exists with the CWD, STAT, MKD, LIST and RMD commands. Sending 3200 characters as the
argument to one of these commands crashes the server. Let's see...
CWD * 280
buffer overflow...crash...
LIST * 280
buffer overflow...crash...
MKD * 280
buffer overflow...crash...
RMD * 280
buffer overflow...crash...
STAT * 280
buffer overflow...crash...
Temporary solution
------------------
Nothing. Update to the next version when it's out.
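
The advisory does not show the server's code. As an added illustration (not MABRY's code and not from the advisory's author), here is the kind of length check a command parser needs so that an oversized CWD/STAT/MKD/LIST/RMD argument is refused with an error reply instead of being copied into a fixed buffer. The names ftp_parse_line, struct ftp_cmd and the 255-byte FTP_ARG_MAX limit are assumptions chosen for the example.

```c
#include <stddef.h>
#include <string.h>
#include <ctype.h>

#define FTP_VERB_MAX 4      /* longest verb handled here, e.g. "LIST", "STAT" */
#define FTP_ARG_MAX  255    /* assumed limit; must match the real buffer sizes */

struct ftp_cmd {
    char verb[FTP_VERB_MAX + 1];
    char arg[FTP_ARG_MAX + 1];
};

/* Parse one command line of `len` bytes (CRLF already stripped, not
 * NUL-terminated). Returns 0 on success, or the FTP reply code to send:
 * 500 for a malformed verb, 501 for an oversized or non-printable argument.
 * Every copy is bounded by the destination size, never by the sender's length. */
int ftp_parse_line(const char *line, size_t len, struct ftp_cmd *out)
{
    size_t vlen = 0, alen, i;

    memset(out, 0, sizeof *out);            /* both fields start NUL-terminated */
    while (vlen < len && line[vlen] != ' ')
        vlen++;
    if (vlen == 0 || vlen > FTP_VERB_MAX)
        return 500;
    for (i = 0; i < vlen; i++) {
        if (!isalpha((unsigned char)line[i]))
            return 500;
        out->verb[i] = (char)toupper((unsigned char)line[i]);
    }
    if (vlen == len)
        return 0;                           /* verb only, e.g. "LIST" */
    alen = len - vlen - 1;                  /* bytes after the single space */
    if (alen > FTP_ARG_MAX)
        return 501;                         /* reject; do not truncate or copy */
    for (i = 0; i < alen; i++) {
        unsigned char c = (unsigned char)line[vlen + 1 + i];
        if (c < 0x20 || c == 0x7f)
            return 501;                     /* embedded NUL or control byte */
        out->arg[i] = (char)c;
    }
    return 0;
}
```

The same check can run in a filtering proxy placed in front of a server that cannot be patched, dropping the control connection when the function returns a non-zero code.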
Disclaimer
---------
The author(s) does(do) not have any responsibility for any malicious
use of this advisory or proof of concept code. The code and the
information provided here are for educational purposes only.
The author(s) will NOT be held responsible for any direct or
indirect damages caused by the information or the code
provided here.