[Full-Disclosure] DreamFTP Server 1.02 Buffer Overflow
Bill Weiss
houdini at nmt.edu
Sat Feb 7 05:45:33 GMT 2004
badpack3t(badpack3t at security-protocols.com)@Sat, Feb 07, 2004 at 12:29:54AM -0500:
> SP Research Labs Advisory x09
> --------------------------------------------
>
> DreamFTP 1.02 Buffer Overflow
> --------------------------------------------
> Example:
> ---------
>
> User (192.168.1.101:(none)): %n%n%n
> Connection closed by remote host.
>
> **Application Crashes**
So, that would be a format string vuln, not a buffer overflow, right?
--
Bill Weiss
I'm trying to develop responses to things that annoy me that don't
involve the phrases 'nuke the site from orbit', 'I dispatch
assassins', or the word 'smite'. Not going so well so far.
-- Claire Bickell
Full-Disclosure is hosted and sponsored by Secunia.