[Full-Disclosure] /Claimed/ remote root exploit in Pureftpd
Jedi/Sector One
j at pureftpd.org
Sat Jun 14 07:46:49 BST 2003
On Sat, Jun 14, 2003 at 01:55:01AM +0530, Devdas Bhagat wrote:
> <dilema> PureFTPD (1.x.x) linux/x86 remote ROOT exploit.
> <dilema>
> !PRIVATE!***!PRIVATE!***!PRIVATE!***!PRIVATE!***!PRIVATE!***!PRIVATE!***!PRIVATE!
> <dilema> MUHAHAHAHA
> <dilema> lmao it's an 0-day fizewl
> <dilema> Linux/x86 PureFTPD remote exploit.
> <dilema> usage: ./pure [options]
> <dilema> -c remote host to connect to
> <dilema> -o remote port to use
> <dilema> -u remote username
> <dilema> -p remote password
> <dilema> -i get the password interactively
> <dilema> -t predefined target ("-t list" to list all
> targets)
> <dilema> -d writeable directory
> <dilema> -l shellcode address
> <dilema> -v debug level [0-2]
> <dilema> -s seconds to sleep after login (debugging
> purposes)
> <dilema> -h display this help
Unless it is something totally different with exactly the same name and
the same help text, this fake 0 day is at least 6 months old. You can grab
it here : ftp://ftp.fr.pureftpd.org/misc/pureftps-fake.c
That one relies on things that don't even exist in Pure-FTPd like CWD
globbing. Also as non-printable characters are replaced by underscores, the
shellcode should be at least changed a bit to be credible.
--
__ /*- Frank DENIS (Jedi/Sector One) <j at 42-Networks.Com> -*\ __
\ '/ <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a> \' /
\/ <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a> \/
Full-Disclosure is hosted and sponsored by Secunia.