BugTraq
Unicode Buffer Overflow in WinFtp Server 1.6.8 Aug 17 2005 01:44PM
Donato Ferrante (fdonato autistici org)

Donato Ferrante

Application: WinFtp Server
http://www.wftpserver.com

Version: 1.6.8

Bug: Unicode Buffer Overflow

Date: 17-Aug-2005

Author: Donato Ferrante
e-mail: fdonato (at) autistici (dot) org
web: www.autistici.org/fdonato

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bug
3. The code
4. The fix

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's Description:

"WinFTP Server is a multithreaded FTP server for Windows 98/NT/XP."

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
2. The bug:
------------

The bug is located in the "Log To Screen" feature, which allows
the program to show the server's log on screen.
This function (called Log-SCR) is enabled by default, so a
malicious user can trigger a Unicode buffer overflow.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

To test the vulnerability, send a request to the FTP server like:

aaa [1024 of a] aaa

and then scroll down the log screen; the server will crash.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

Vendor has been contacted.
Bug will be fixed in the next release.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
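
Added example, not part of the advisory and not the vendor's code: the advisory does not show the vulnerable routine, so this only illustrates the mitigation a log-to-screen path needs, a conversion of the raw request into a fixed wide-character buffer that is bounded by element count and truncates visibly. The names log_line_to_wide and LOG_LINE_CHARS and the 256-character capacity are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <wchar.h>

#define LOG_LINE_CHARS 256  /* assumed display buffer capacity, in wchar_t elements */

/*
 * Widen one raw request line into a fixed-size wide-character log buffer.
 * dst_chars counts wchar_t ELEMENTS, not bytes. Returns the number of wide
 * characters written (terminator excluded); *truncated is set to 1 on cut-off.
 */
size_t log_line_to_wide(wchar_t *dst, size_t dst_chars,
                        const char *src, size_t src_len, int *truncated)
{
    static const wchar_t marker[] = L"...[truncated]";
    const size_t marker_len = sizeof(marker) / sizeof(marker[0]) - 1;
    size_t limit, n, i;

    if (truncated) *truncated = 0;
    if (dst == NULL || dst_chars == 0) return 0;
    if (src == NULL) src_len = 0;

    limit = dst_chars - 1;              /* space left after the terminator */
    n = src_len;
    if (n > limit) {
        if (truncated) *truncated = 1;
        /* reserve room for the marker when the buffer is large enough */
        n = (limit > marker_len) ? limit - marker_len : limit;
    }
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)src[i];
        /* control bytes and non-ASCII bytes are displayed as '?' */
        dst[i] = (c >= 0x20 && c < 0x7f) ? (wchar_t)c : L'?';
    }
    if (src_len > limit && limit > marker_len) {
        wmemcpy(dst + n, marker, marker_len);
        n += marker_len;
    }
    dst[n] = L'\0';
    return n;
}

int main(void) {
    char req[1030]; wchar_t line[LOG_LINE_CHARS]; int cut;
    memset(req, 'a', sizeof req);       /* constructed over-long request */
    size_t n = log_line_to_wide(line, LOG_LINE_CHARS, req, sizeof req, &cut);
    printf("%zu wide chars, truncated=%d\n", n, cut);
    return 0;
}
```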
