Isn't "The vulnerability is caused due to a boundary error in the ASCII file transfer component when translating newline characters. This can be exploited to cause a buffer overflow by uploading and then downloading a specially crafted file."
And. "The vulnerability is caused due to two off-by-one errors in the "_xlate_ascii_write()" function. These can be exploited by sending a specially crafted "RETR" FTP command with a 1023 bytes long argument starting with a linefeed character." Different? I am not expert, and was wondering If this was actually something new in the same ASCII File translation.? Epic -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andreas Gietl Sent: Thursday, March 04, 2004 11:34 AM To: Frederic Charpentier; [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] ProFtp bufferoverflow. Frederic Charpentier <[EMAIL PROTECTED]> wrote: maybe the exploit is new - but the vuln is old. > hi FD, > > do you guys knows something about the new proftpd exploit ? > > http://secunia.com/advisories/11039/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
