Windows 95/NT War FTPD 1.65 Buffer Overflow

Aleph One (aleph1@DFW.DFW.NET)
Wed, 04 Feb 1998 12:49:42 -0600

From rootshell:

---------- Forwarded message ----------
Windows 95/NT War FTPD 1.65 Buffer Overflow
-------------------------------------------

The popular War FTPD daemon for Windows 95 and NT contains a very bad buffer
overflow that allows remote users to execute code on your stack or simply
crash the ftp server.

The overflow exists in many places including the USER and PASS phase. To
exploit War FTPD you must connect to the FTP server (port 21) and issue the
following command :

USER xxxxxxxxxxxxxxxxxxxxxxxxxxxxx (very long string)

or

PASS xxxxxxxxxxxxxxxxxxxxxxxxxxxxx (very long string)

At this point the FTP daemon will crash. We at Rootshell are not Windows
users and did not have the resources or time to write actual code to execute
on the stack, however it IS possible.

You may find War FTPD information at http://www.sidenet.com.br/jgaa/
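
The server-side check whose absence the advisory describes, as an added example that is not part of the original post and is not War FTPD's code: a control-channel line parser that measures the USER/PASS argument before copying it into a fixed buffer. The names ftp_parse_line and FTP_ARG_MAX and the 64-byte limit are assumptions made for this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FTP_ARG_MAX 64 /* assumed per-argument limit for this example */

enum { FTP_OK = 0, FTP_TOO_LONG = -1, FTP_BAD_SYNTAX = -2 };

/* Parse one control-channel line of `len` bytes (not NUL-terminated).
 * The argument length is checked before any byte is copied, so a
 * "very long string" after USER or PASS is refused, never truncated
 * or written past arg[]. */
int ftp_parse_line(const char *line, size_t len,
                   char verb[5], char arg[FTP_ARG_MAX + 1])
{
    size_t v = 0, start, alen, i;

    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                                  /* drop trailing CRLF */
    while (v < len && line[v] != ' ')
        v++;                                    /* end of the verb */
    if (v == 0 || v > 4)
        return FTP_BAD_SYNTAX;                  /* RFC 959 verbs: at most 4 letters */
    for (i = 0; i < v; i++)
        verb[i] = (char)toupper((unsigned char)line[i]);
    verb[v] = '\0';

    start = (v < len) ? v + 1 : len;            /* skip the separating space */
    alen = len - start;
    if (alen > FTP_ARG_MAX)
        return FTP_TOO_LONG;                    /* reject before copying */
    memcpy(arg, line + start, alen);
    arg[alen] = '\0';
    return FTP_OK;
}

int main(void)
{
    char verb[5], arg[FTP_ARG_MAX + 1], big[5 + 4096];

    memcpy(big, "PASS ", 5);                    /* constructed oversized input */
    memset(big + 5, 'x', sizeof big - 5);
    printf("%d\n", ftp_parse_line("USER anonymous\r\n", 16, verb, arg));
    printf("%d\n", ftp_parse_line(big, sizeof big, verb, arg));
    return 0;
}
```

A caller would answer FTP_TOO_LONG with a 501 reply and keep the session state unchanged rather than passing a shortened argument on to authentication.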