Cute FTP 5.0 XP, build 51.1.23.1 was released, but it is still
vulnerable to the same issue.
Sending 780 bytes (in the previous build, it was 257 bytes) as a reply to
the LIST command causes a stack overflow.
# BTW, I found another buffer overflow problem. Copy a long URL like
# "ftp://AAAAAAAAAAA....AAAAAAAAAAA/"
# to the clipboard and execute CuteFTP. It will crash immediately.
# Seems like a bug, not a security hole.
--
Kanatoko<anvil (at) jumperz (dot) net [email concealed]>
http://www.jumperz.net/
irc.friend.td.nu:6667 #ouroboros
On Sat, 18 Jan 2003 06:25:31 +0000
"Lance Fitz-Herbert" <fitzies (at) hotmail (dot) com [email concealed]> wrote:
> Advisory 07:
> ------------
> Buffer Overflow In CuteFTP 5.0 XP
>
>
> Discovered:
> -----------
> By Me, Lance Fitz-Herbert (aka phrizer).
> September 4th, 2002
>
>
> Vulnerable Applications:
> ------------------------
> Tested On CuteFTP 5.0 XP, build 50.6.10.2
> Others could be vulnerable...
>
>
> Impact:
> -------
> Medium,
> This could allow arbitrary code to be executed on the remote victim's
> machine, if the attacker is successful in luring a victim onto his server.
>
>
> Details:
> --------
> When an FTP server is responding to a "LIST" (directory listing) command,
> the response is sent over a data connection. Sending 257 bytes over this
> connection will cause a buffer to overflow, and the EIP register can be
> overwritten completely by sending 260 bytes of data.
>
>
> Vendor Status:
> --------------
> Contacted GlobalSCAPE Jan 14th 2003. After a couple of emails back and
> forth within a few days, they confirmed the problem, and said they are
> working on a release for Monday (20th Jan, 03) which will address the issue.
>
>
> Solution:
> ---------
> Upgrade to the new version, which should be available from Monday (20th Jan, 03).
>
>
> Exploit:
> --------
> Not released.
>
>
> Contacting Me:
> --------------
> ICQ: 23549284
> IRC: irc.dal.net #KORP
>
>
>
> ----
> NOTE: Because of the amount of spam I receive, I require all emails *to me*
> to contain the word "nospam" in the subject line somewhere. Else I might not
> get your email. Thank you.
> ----
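Added example, not part of the original thread and not CuteFTP's code: a bounded line reader for LIST data received over the data connection, which rejects and skips any line that does not fit its buffer instead of copying it. `LIST_LINE_MAX`, the function names and the sample reply are assumptions made for this illustration.

```c
#include <stddef.h>
#include <string.h>

#define LIST_LINE_MAX 256   /* assumed size of the client's per-line buffer */

/* Copy the next listing line from data[*pos..len) into out (outsz bytes).
 * Returns 1 if the line fit, -1 if it was overlong (skipped, out emptied),
 * 0 when no data is left. Never writes more than outsz bytes to out. */
int list_next_line(const char *data, size_t len, size_t *pos,
                   char *out, size_t outsz)
{
    if (outsz == 0 || *pos >= len)
        return 0;
    const char *start = data + *pos;
    const char *nl = memchr(start, '\n', len - *pos);
    size_t n = nl ? (size_t)(nl - start) : len - *pos;  /* bytes before LF */

    *pos += n + (nl ? 1 : 0);            /* always resync past this line */
    if (n > 0 && start[n - 1] == '\r')   /* listing lines end with CRLF */
        n--;
    if (n >= outsz) {                    /* no room for line plus NUL */
        out[0] = '\0';
        return -1;
    }
    memcpy(out, start, n);
    out[n] = '\0';
    return 1;
}

/* Constructed LIST reply (sample data): one ordinary entry, then one line of
 * name_len filler bytes. Returns accepted lines; *rejected counts overlong. */
size_t scan_sample_reply(size_t name_len, size_t *rejected)
{
    static char reply[1024];
    char line[LIST_LINE_MAX];
    size_t len, pos = 0, ok = 0;
    int r;
    if (name_len > sizeof reply - 64)
        name_len = sizeof reply - 64;       /* keep the sample in bounds */
    strcpy(reply, "-rw-r--r-- 1 u g 12 Jan 18 2003 a.txt\r\n");
    len = strlen(reply);
    memset(reply + len, 'A', name_len);
    memcpy(reply + len + name_len, "\r\n", 2);
    len += name_len + 2;
    *rejected = 0;
    while ((r = list_next_line(reply, len, &pos, line, sizeof line)) != 0) {
        if (r == 1) ok++; else (*rejected)++;   /* a client parses line here */
    }
    return ok;
}
```

The length check happens before the copy and the read position always advances past the line, so one oversized entry is dropped without desynchronising the rest of the listing.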