South River WebDrive Buffer Overflow Vulnerability
---Summary---
Software Affected: South River WebDrive
Software Versions Tested: 6.08 build 1131
Vendors URL: http://www.webdrive.com
Vulnerability Type: Boundary Condition Error
Credit: Discovered by Adrian Castro
Proof of Concept: None Provided
Attack Vector: Local
Threat Level: Medium
---Vendors Product Description---
WebDrive is more than just an FTP Client. By connecting to WebDAV, FTP, or SFTP servers through a virtual drive, files are transferred by simply saving them to a drive letter. There's no need to run a separate FTP client interface. Unlike typical FTP clients, WebDrive lets you open and edit server-based files without the additional download step.
To install WebDrive on Windows NT/2000/XP you must have administrator privileges. Once installed you can use WebDrive from any NT user account.
---Vulnerability Description---
The name entry field in WebDrive is prone to a buffer overflow vulnerability due to a programming error. The name field allows for 257 characters to be copied to a 256 character buffer. Successful exploitation causes the program to fail, and behave erratically/crash on future runs of the program.
This vulnerability affects WebDrive 8 running on Windows 2000 SP4, and Windows XP Professional SP2. Other versions of WebDrive and Windows may also be affected.
---Solution---
None at this time.
_____________________________________________________________
Thank you for choosing LinuxQuestions.
http://www.linuxquestions.org
---Summary---
Software Affected: South River WebDrive
Software Versions Tested: 6.08 build 1131
Vendors URL: http://www.webdrive.com
Vulnerability Type: Boundary Condition Error
Credit: Discovered by Adrian Castro
Proof of Concept: None Provided
Attack Vector: Local
Threat Level: Medium
---Vendors Product Description---
WebDrive is more than just an FTP Client. By connecting to WebDAV, FTP, or SFTP servers through a virtual drive, files are transferred by simply saving them to a drive letter. There's no need to run a separate FTP client interface. Unlike typical FTP clients, WebDrive lets you open and edit server-based files without the additional download step.
To install WebDrive on Windows NT/2000/XP you must have administrator privileges. Once installed you can use WebDrive from any NT user account.
---Vulnerability Description---
The name entry field in WebDrive is prone to a buffer overflow vulnerability due to a programming error. The name field allows for 257 characters to be copied to a 256 character buffer. Successful exploitation causes the program to fail, and behave erratically/crash on future runs of the program.
This vulnerability affects WebDrive 8 running on Windows 2000 SP4, and Windows XP Professional SP2. Other versions of WebDrive and Windows may also be affected.
---Solution---
None at this time.
_____________________________________________________________
Thank you for choosing LinuxQuestions.
http://www.linuxquestions.org
[ reply ]