• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

BlackMoon FTP Server Buffer Overflow Vulnerability

BlackMoon FTP is an FTP server designed for the Windows 2000 operating system. It is designed to be quick and efficient, and is available as shareware.

BlackMoon suffers from a buffer overflow. An attacker may supply a long sequence of characters as an argument to any of the affected commands (USER, PASS or CWD). If the length of the supplied string exceeds the size of its input buffer, the excess data will overwrite other variables on the stack and the stack frame itself.