[VIM] FileZilla DoS issues - questions, answers, more questions
f.riphagen at nsec.nl
Sat Dec 16 08:55:30 EST 2006
Steven M. Christey wrote:
> 7) The best changes are here:
> You can see how it's resetting a ".pasv" value, and in some places
> also calls CPermissions::DestroyDirlisting and a break if there's no
> socket... which it didn't do previously. Lines 1054, 1767 emphasize
> this. Each of these changes occurs within a check for
> "(!m_transferstatus.socket)". Before this code was inserted, a null
> dereference probably would have happened in the next few lines of
> code, since m_transferstatus.socket is assumed to be non-null.
> This is the kind of behavior you'd expect from a malformed PORT
> command, because no socket would be created.
Steve, I think you hit it right there.
This will *NOT* throw an exception:
STOR & (or NLST & or LIST &)
Changing PORT to, for example:
"PORT 127,0,0,1,55" (PORT < 5) or
"PORT ,,,,,," or "127,0,0,1,260,10" (PORT > 65535)
will all generate an exception with the added STOR/NLST and LIST.
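Added example (not FileZilla's code and not part of the thread): a small Python model of the two things the discussion turns on. First, a PORT argument parser that rejects the malformed forms listed above (too few fields, empty fields, byte values over 255, hence ports over 65535) instead of leaving half-initialised transfer state behind. Second, a transfer-command handler that checks for a missing data socket before using it, which is the guard the quoted patch adds around `m_transferstatus.socket`. The class and function names, the `data_endpoint` attribute standing in for the socket pointer, and the reply strings are all assumptions made for this illustration.

```python
"""Added illustration, not FileZilla's code: validate FTP PORT arguments
(RFC 959 h1,h2,h3,h4,p1,p2 form) and refuse STOR/LIST/NLST when no data
endpoint exists. Names and reply texts are assumptions for this example."""

from dataclasses import dataclass
from typing import List, Optional, Tuple


def parse_port_argument(arg: str) -> Tuple[str, int]:
    """Return (host, port) for a well-formed PORT argument, else raise ValueError."""
    fields = arg.strip().split(",")
    if len(fields) != 6:
        # Covers "127,0,0,1,55" (5 fields) and ",,,,,," (7 empty fields).
        raise ValueError(f"expected 6 comma-separated fields, got {len(fields)}")
    values = []
    for f in fields:
        if not f.isdigit():          # also rejects empty fields
            raise ValueError(f"non-numeric field {f!r}")
        v = int(f)
        if v > 255:                  # each field is one byte of address or port
            raise ValueError(f"field value {v} exceeds 255")
        values.append(v)
    host = ".".join(str(v) for v in values[:4])
    port = values[4] * 256 + values[5]   # at most 65535 once each byte is <= 255
    if port == 0:
        raise ValueError("port 0 is not a usable data port")
    return host, port


def is_valid_port_argument(arg: str) -> bool:
    """Boolean wrapper used for quick checks."""
    try:
        parse_port_argument(arg)
        return True
    except ValueError:
        return False


@dataclass
class FtpSession:
    # Remote data endpoint set by a successful PORT; None until then.
    # This stands in for the m_transferstatus.socket pointer in the thread.
    data_endpoint: Optional[Tuple[str, int]] = None

    def handle_port(self, arg: str) -> str:
        try:
            self.data_endpoint = parse_port_argument(arg)
        except ValueError as exc:
            self.data_endpoint = None    # a bad PORT must not leave stale state
            return f"501 Syntax error in parameters: {exc}"
        return "200 PORT command successful"

    def handle_transfer(self, verb: str, arg: str) -> str:
        # The guard the thread describes: bail out before touching a data
        # socket that was never created.
        if self.data_endpoint is None:
            return "425 Use PORT or PASV first"
        host, port = self.data_endpoint
        return f"150 Opening data connection to {host}:{port} for {verb} {arg}"


def run_script(lines: List[str]) -> List[str]:
    """Feed constructed command lines through one session and collect replies."""
    session = FtpSession()
    replies = []
    for line in lines:
        verb, _, arg = line.partition(" ")
        if verb == "PORT":
            replies.append(session.handle_port(arg))
        elif verb in ("STOR", "LIST", "NLST"):
            replies.append(session.handle_transfer(verb, arg))
        else:
            replies.append("502 Command not implemented")
    return replies


# Constructed input echoing the cases discussed in the thread.
SAMPLE = [
    "PORT 127,0,0,1,55",        # too few fields
    "STOR &",
    "PORT ,,,,,,",              # empty fields
    "LIST &",
    "PORT 127,0,0,1,260,10",    # 260*256+10 = 66570 > 65535
    "NLST &",
    "PORT 127,0,0,1,4,1",       # well-formed: 127.0.0.1:1025
    "STOR file.txt",
]

if __name__ == "__main__":
    for cmd, reply in zip(SAMPLE, run_script(SAMPLE)):
        print(f"{cmd:<26} -> {reply}")
```

Each malformed PORT gets a 501 and resets the endpoint, so the following STOR/LIST/NLST is answered with 425 rather than reaching code that assumes a socket exists; only the well-formed PORT lets the transfer proceed.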