Advisory 07:
------------
Buffer Overflow In CuteFTP 5.0 XP
Discovered:
-----------
By Me, Lance Fitz-Herbert (aka phrizer).
September 4th, 2002
Vulnerable Applications:
------------------------
Tested On CuteFTP 5.0 XP, build 50.6.10.2
Others could be vulnerable...
Impact:
-------
Medium,
This could allow arbitary code to be executed on the remote victims machine,
if the attacker is
successfull in luring a victim onto his server.
Details:
--------
When a FTP Server is responding to a "LIST" (directory listing) command, the
response is sent
over a data connection. Sending 257 bytes over this connection will cause a
buffer to overflow,
and the EIP register can be overwritten completely by sending 260 bytes of
data.
Vendor Status:
--------------
Contacted GlobalSCAPE Jan 14th 2003, After a couple of emails back and forth
within a few days, they
confirmed the problem, and siad they are working on a release for Monday
(20th Jan, 03) which will address
the issue.
Solution:
---------
Upgrade to new version which should be avalible from Monday (20th Jan, 03).
----
NOTE: Because of the amount of spam i receive, i require all emails *to me*
to contain the word "nospam" in the subject line somewhere. Else i might not
get your email. thankyou.
----
------------
Buffer Overflow In CuteFTP 5.0 XP
Discovered:
-----------
By Me, Lance Fitz-Herbert (aka phrizer).
September 4th, 2002
Vulnerable Applications:
------------------------
Tested On CuteFTP 5.0 XP, build 50.6.10.2
Others could be vulnerable...
Impact:
-------
Medium,
This could allow arbitary code to be executed on the remote victims machine,
if the attacker is
successfull in luring a victim onto his server.
Details:
--------
When a FTP Server is responding to a "LIST" (directory listing) command, the
response is sent
over a data connection. Sending 257 bytes over this connection will cause a
buffer to overflow,
and the EIP register can be overwritten completely by sending 260 bytes of
data.
Vendor Status:
--------------
Contacted GlobalSCAPE Jan 14th 2003, After a couple of emails back and forth
within a few days, they
confirmed the problem, and siad they are working on a release for Monday
(20th Jan, 03) which will address
the issue.
Solution:
---------
Upgrade to new version which should be avalible from Monday (20th Jan, 03).
Exploit:
--------
Not released.
Contacting Me:
--------------
ICQ: 23549284
IRC: irc.dal.net #KORP
----
NOTE: Because of the amount of spam i receive, i require all emails *to me*
to contain the word "nospam" in the subject line somewhere. Else i might not
get your email. thankyou.
----
_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*
http://join.msn.com/?page=features/virus
[ reply ]