Vulnwatch mailing list archives
Re: CuteFTP 5.0 XP, Buffer Overflow
From: Kanatoko <anvil () jumperz net>
Date: Thu, 06 Feb 2003 13:57:01 +0900
Cute FTP 5.0 XP, build 51.1.23.1 was released, but it is still vulnerable against the same issue. Sending 780 bytes( in previous build, it was 257 bytes ) as a reply to LIST command cause a stack overflow. # BTW, I found another buffer overflow problem. Copy long url like # "ftp://AAAAAAAAAAA....AAAAAAAAAAA/" # to clipboard and execute CuteFTP. It will crash immediately. # Seems like a bug, not a security hole. -- Kanatoko<anvil () jumperz net> http://www.jumperz.net/ irc.friend.td.nu:6667 #ouroboros On Sat, 18 Jan 2003 06:25:31 +0000 "Lance Fitz-Herbert" <fitzies () hotmail com> wrote:
Advisory 07: ------------ Buffer Overflow In CuteFTP 5.0 XP Discovered: ----------- By Me, Lance Fitz-Herbert (aka phrizer). September 4th, 2002 Vulnerable Applications: ------------------------ Tested On CuteFTP 5.0 XP, build 50.6.10.2 Others could be vulnerable... Impact: ------- Medium, This could allow arbitary code to be executed on the remote victims machine, if the attacker is successfull in luring a victim onto his server. Details: -------- When a FTP Server is responding to a "LIST" (directory listing) command, the response is sent over a data connection. Sending 257 bytes over this connection will cause a buffer to overflow, and the EIP register can be overwritten completely by sending 260 bytes of data. Vendor Status: -------------- Contacted GlobalSCAPE Jan 14th 2003, After a couple of emails back and forth within a few days, they confirmed the problem, and siad they are working on a release for Monday (20th Jan, 03) which will address the issue. Solution: --------- Upgrade to new version which should be avalible from Monday (20th Jan, 03). Exploit: -------- Not released. Contacting Me: -------------- ICQ: 23549284 IRC: irc.dal.net #KORP ---- NOTE: Because of the amount of spam i receive, i require all emails *to me* to contain the word "nospam" in the subject line somewhere. Else i might not get your email. thankyou. ---- _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE* http://join.msn.com/?page=features/virus
Current thread:
- Re: CuteFTP 5.0 XP, Buffer Overflow Kanatoko (Feb 06)