Mailing List Archive

EFTP buffer overflow
Going on with my "mailbox flush". This plugin is supposed to crash
EFTP <= 2.0.7.337
It needs a valid account and a writable directory.

I did not test it, though, so I'd appreciate comments on it.
Re: EFTP buffer overflow
On Thu, Dec 13, 2001 at 03:07:29PM +0100, Michel Arboi wrote:
> Going on with my "mailbox flush". This plugin is supposed to crash
> EFTP <= 2.0.7.337
> It needs a valid account and a writable directory.
>
> I did not test it, though, so I'd appreciate comments on it.

With this kind of check, I usually prefer when there's a "failsafe"
solution, i.e.:

if(have_login && have_password && have_a_writeable_dir)
{
    really_try_the_flaw();
}
else
{
    grab_the_banner_and_do_pattern_matching()
}

Could you do that?
-- Renaud
Re: EFTP buffer overflow
Renaud Deraison <deraison@cvs.nessus.org> writes:

> With this kind of check, I usually prefer when there's a "failsafe"
> solution. ie
[snip]

I suppose I also should handle the "safe check" option :-\
Re: EFTP buffer overflow
On Thu, Dec 13, 2001 at 03:28:49PM +0100, Michel Arboi wrote:
> Renaud Deraison <deraison@cvs.nessus.org> writes:
>
> > With this kind of check, I usually prefer when there's a "failsafe"
> > solution. ie
> [snip]
>
> I suppose I also should handle the "safe check" option :-\

Yes, but it's the same as not having a login/password/whatever.

Actually, the complete logic should be:

---
if(!safe_checks())
{
    if(login && password && have_a_writeable_dir)
    {
        if(could_log_in)
        {
            # actually test for the flaw
            exit(0);
        }
    }
}

#
# Fail-safe - pattern matching on the banner
#

banner = get_kb_item(string("ftp/", port, "/banner"));
if(!banner) ....

do_some_regexp(banner);


---

This is more fine-grained than in my previous post, as it helps to do
the test, even if something goes wrong (can't log in any more for some
reason, or ftp server went down).


-- Renaud
Re: EFTP buffer overflow
Hello,

I just downloaded the EFTP product (freeware)
http://www.eftp.org/index.html

The banner for the new version is:
220 EFTP Version 2.0.8.347

Maybe, it could help you for the safe_check branch.

Georges Dagousset

----- Original Message -----
From: "Michel Arboi" <arboi@noos.fr>
To: <plugins-writers@list.nessus.org>
Sent: Thursday, December 13, 2001 3:28 PM
Subject: Re: EFTP buffer overflow


> Renaud Deraison <deraison@cvs.nessus.org> writes:
>
> > With this kind of check, I usually prefer when there's a "failsafe"
> > solution. ie
> [snip]
>
> I suppose I also should handle the "safe check" option :-\
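The fail-safe decision tree Renaud sketches above, combined with the banner Georges posted, as an added example in Python (not NASL, and not code from the thread or from Nessus). It assumes the vulnerable range stated in the first message (EFTP <= 2.0.7.337), that the banner has the form "220 EFTP Version a.b.c.d", and that the active test is supplied by the caller as a callable; the sample banners are constructed.

```python
import re
from typing import Callable, Optional, Tuple

# Last affected version, as stated in the thread (assumption carried over).
LAST_VULNERABLE = (2, 0, 7, 337)

# Matches the banner format Georges posted: "220 EFTP Version 2.0.8.347".
BANNER_RE = re.compile(r"^220[ -]EFTP Version (\d+(?:\.\d+)*)", re.IGNORECASE)


def parse_eftp_version(banner: str) -> Optional[Tuple[int, ...]]:
    """Return the dotted version as an int tuple, or None if not an EFTP banner."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def banner_is_vulnerable(banner: str) -> Optional[bool]:
    """Pattern-matching branch: True/False from the version, None if unknown."""
    version = parse_eftp_version(banner)
    if version is None:
        return None  # not EFTP or unparseable: report nothing rather than guess
    return version <= LAST_VULNERABLE  # tuple compare handles 2.0.7 < 2.0.7.337


def check_eftp(banner: str, safe_checks: bool, login: str = "", password: str = "",
               writable_dir: str = "",
               active_test: Optional[Callable[[str, str, str], Optional[bool]]] = None
               ) -> Tuple[Optional[bool], str]:
    """Mirror the thread's logic: active test only when allowed and possible,
    otherwise fall back to the banner. Returns (vulnerable?, method used)."""
    if not safe_checks and login and password and writable_dir and active_test:
        try:
            outcome = active_test(login, password, writable_dir)
        except OSError:
            outcome = None  # can't log in any more / server went down
        if outcome is not None:
            return outcome, "active"
    # Fail-safe branch: pattern matching on the banner.
    if not banner:
        return None, "none"
    return banner_is_vulnerable(banner), "banner"
```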
Re: EFTP buffer overflow
"Georges Dagousset" <georges.dagousset@alert4web.com> writes:

> I just downloaded the EFTP product (freeware)

I did this yesterday and grabbed. Sorry, I should have told you.
Here is a new (untested) version of the script.