securma massine
23/12/02, 21:18
--=_NextPart_Caramail_0084201040650484_ID
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
hi
Hyperion FTP Server (http://www.mollensoft.com/ )is a
powerful, reliable FTP server for Windows 95/98/NT/2000,
and supports all basic FTP commands, and much more, such as
passive mode.
A vulnerability exists in Hyperion Ftp Server (version
2.8.11)which allows a remote
user to execute an arbitrary code ,it is a similar
vulnerability of Enceladus Server Suite
I believe that the problem reside in the use of Marby
Socket Window and
ftpservx.dll
who does not support dir+(buffer=3D300 byte)
Access violation - code c0000005 (first chance)
eax=3D0012bcbc ebx=3D0012c574 ecx=3D42424242 edx=3D7846f5b5
esi=3D0012bce4 edi=3D00147ffd
eip=3D42424242 esp=3D0012bc24 ebp=3D0012bc44 iopl=3D0 nv up
ei pl zr na po nc
cs=3D001b ss=3D0023 ds=3D0023 es=3D0023 fs=3D003b
gs=3D0000 efl=3D00000246
42424242 ?? ???
made that eip point towards the beginning of our buffer
makes me think a news methode to backdooring...
it is also noticed that the pass is without encoding
a:/users/"login "
securma massine
french translation :
http://www.itmaroc.com/modules.php?
name=3DNews&file=3Darticle&sid=3D277
__________________________________________________ _______
Gagne une PS2 ! Envoie un SMS avec le code PS au 61166
(0,35€ Hors co=FBt du SMS)
--=_NextPart_Caramail_0084201040650484_ID--
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
hi
Hyperion FTP Server (http://www.mollensoft.com/ )is a
powerful, reliable FTP server for Windows 95/98/NT/2000,
and supports all basic FTP commands, and much more, such as
passive mode.
A vulnerability exists in Hyperion Ftp Server (version
2.8.11)which allows a remote
user to execute an arbitrary code ,it is a similar
vulnerability of Enceladus Server Suite
I believe that the problem reside in the use of Marby
Socket Window and
ftpservx.dll
who does not support dir+(buffer=3D300 byte)
Access violation - code c0000005 (first chance)
eax=3D0012bcbc ebx=3D0012c574 ecx=3D42424242 edx=3D7846f5b5
esi=3D0012bce4 edi=3D00147ffd
eip=3D42424242 esp=3D0012bc24 ebp=3D0012bc44 iopl=3D0 nv up
ei pl zr na po nc
cs=3D001b ss=3D0023 ds=3D0023 es=3D0023 fs=3D003b
gs=3D0000 efl=3D00000246
42424242 ?? ???
made that eip point towards the beginning of our buffer
makes me think a news methode to backdooring...
it is also noticed that the pass is without encoding
a:/users/"login "
securma massine
french translation :
http://www.itmaroc.com/modules.php?
name=3DNews&file=3Darticle&sid=3D277
__________________________________________________ _______
Gagne une PS2 ! Envoie un SMS avec le code PS au 61166
(0,35€ Hors co=FBt du SMS)
--=_NextPart_Caramail_0084201040650484_ID--