Thread: FTP.exe Buffer Overflow

  1. #1
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953

    FTP.exe Buffer Overflow

    i thought this was interesting... a nice lil' bug
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Hello there,

    ftp.exe and tftp.exe both have the same problem with unchecked hostname length.

    Description:
    ftp.exe and tftp.exe do not check the length of the hostname parameter before
    passing it to gethostbyname(). This makes it possible to crash them by providing
    a long enough (~550+ bytes) hostname string.

    According to Microsoft:

    (http://msdn.microsoft.com/library/en...stbyname_2.asp)

    "The gethostbyname function does not check the size of the name parameter
    before passing the buffer. In improperly sized name parameters,
    heap corruption can occur."

    Although it is sort of strange behaviour, it is documented.
    Good advice for MS developers is to read the function description before using it.

    Both problems tested on up-to-date W2KPro.

    Thanks,

    Max.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)

    iD8DBQE+XrCw8mCpXsrcXpwRAvrCAKDrQ9HALqCl3w1F23xsEEgAD4is9ACg7uHC
    c5aVcrLBTzJ0/o4WJXsLVnM=
    =20xF
    -----END PGP SIGNATURE-----
    the actual bug is in window sockets environment...
    so, if you'd like to keep MS users (if using the standard window sockets resources) out, just have an abnormally large server name
    yeah, I'm gonna need that by friday...
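
Added example, not part of the original thread or of any Microsoft code: the length check the advisory says is missing, done by the caller before the name ever reaches gethostbyname(). The function name `check_hostname`, the `host_check` enum and the 600-byte input in `main` are constructed for illustration; the 253/63 limits are the DNS name and label limits from RFC 1035.

```c
/* Caller-side validation of a user-supplied hostname before any resolver call. */
#include <stdio.h>
#include <string.h>

#define MAX_NAME_LEN  253 /* longest text-form name within RFC 1035's 255-octet limit */
#define MAX_LABEL_LEN 63  /* longest single label (RFC 1035) */

enum host_check { HOST_OK = 0, HOST_EMPTY, HOST_TOO_LONG, HOST_BAD_LABEL, HOST_BAD_CHAR };

/* Returns HOST_OK only if name is fit to pass on to gethostbyname()/getaddrinfo(). */
enum host_check check_hostname(const char *name)
{
    size_t len = 0, label = 0, i;

    if (name == NULL || name[0] == '\0')
        return HOST_EMPTY;
    /* Bounded scan: stop one byte past the limit instead of trusting the input. */
    while (len <= MAX_NAME_LEN && name[len] != '\0')
        len++;
    if (len > MAX_NAME_LEN)
        return HOST_TOO_LONG;

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {
            if (label == 0)
                return HOST_BAD_LABEL;      /* leading dot or ".." */
            label = 0;
        } else if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                   (c >= '0' && c <= '9') || c == '-') {
            if (++label > MAX_LABEL_LEN)
                return HOST_BAD_LABEL;      /* label longer than 63 bytes */
        } else {
            return HOST_BAD_CHAR;
        }
    }
    return HOST_OK;
}

int main(void)
{
    char big[601];                          /* constructed oversized argument */
    memset(big, 'a', 600);
    big[600] = '\0';
    printf("600-byte name  -> %d\n", check_hostname(big));
    printf("ftp.example.com -> %d\n", check_hostname("ftp.example.com"));
    return 0;
}
```

A client would call the resolver only when `check_hostname` returns `HOST_OK` and print an error otherwise.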

  2. #2
    Junior Member
    Join Date
    Feb 2003
    Posts
    8
    Thank you

  3. #3
    Golden! .....oops!HeHe...Shhhhhhhhh.

    New pc toys, Interesting !!


    invokegethostbyname

  4. #4
    Junior Member
    Join Date
    Feb 2003
    Posts
    8
    I think it's very useful!
    Thank you
