http://bit.do/cfRhF Secret discount for Wing FTP Soft
############################################################################ # Title************************Freefloat FTP Server PUT Command Buffer Overflow # Discovered and Reported******22nd of September, 2012 # Discovered/Exploited By******Jacob Holcomb/Gimppy042 # Software Vendor**************http://www.freefloat.com/ # CVE for PUT Overflow*********CVE-2012-5106 # Exploit/Advisory*************http://infosec42.blogspot.com/ # Software*********************Freefloat FTP Server Version 1.0 # Tested Platform**************Windows XP Professional SP2 # Date*************************22/09/2012 # #Credits for original Buffer Overflow discovery in FreeFloatFTP 1.0 go to #Veerendra G.G of SecPod Technologies #For first discovering that FreeFloat FTP had several FTP commands that could cause a Stack Based overflow condition. ############################################################################ *NOTE* Further analysis showed that the PUT command is not the culprit of the overflow, and that any command that either does or doesn't exist will cause data on the stack to be overwritten. PUT just happen to be used by my fuzzer at the time of the crash. PUT is an FTP client command that should not have been used by the fuzzer.
Niciun comentariu:
Trimiteți un comentariu