Vulnwatch mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CuteFTP 5.0 XP, Buffer Overflow

From: Kanatoko <anvil () jumperz net>
Date: Thu, 06 Feb 2003 13:57:01 +0900

Cute FTP 5.0 XP, build 51.1.23.1 was released, but it is still
vulnerable against the same issue.

Sending 780 bytes( in previous build, it was 257 bytes )  as a reply to
LIST command cause a stack overflow.

# BTW, I found another buffer overflow problem. Copy long url like
# "ftp://AAAAAAAAAAA....AAAAAAAAAAA/";
# to clipboard and execute CuteFTP. It will crash immediately.
# Seems like a bug, not a security hole.

-- 
Kanatoko<anvil () jumperz net>
http://www.jumperz.net/
irc.friend.td.nu:6667 #ouroboros



On Sat, 18 Jan 2003 06:25:31 +0000
"Lance Fitz-Herbert" <fitzies () hotmail com> wrote:


Advisory 07:
------------
Buffer Overflow In CuteFTP 5.0 XP


Discovered:
-----------
By Me, Lance Fitz-Herbert (aka phrizer).
September 4th, 2002


Vulnerable Applications:
------------------------
Tested On CuteFTP 5.0 XP, build 50.6.10.2
Others could be vulnerable...


Impact:
-------
Medium,
This could allow arbitary code to be executed on the remote victims machine, 
if the attacker is
successfull in luring a victim onto his server.


Details:
--------
When a FTP Server is responding to a "LIST" (directory listing) command, the 
response is sent
over a data connection. Sending 257 bytes over this connection will cause a 
buffer to overflow,
and the EIP register can be overwritten completely by sending 260 bytes of 
data.


Vendor Status:
--------------
Contacted GlobalSCAPE Jan 14th 2003, After a couple of emails back and forth 
within a few days, they
confirmed the problem, and siad they are working on a release for Monday 
(20th Jan, 03) which will address
the issue.


Solution:
---------
Upgrade to new version which should be avalible from Monday (20th Jan, 03).


Exploit:
--------
Not released.


Contacting Me:
--------------
    ICQ: 23549284
    IRC: irc.dal.net #KORP



----
NOTE: Because of the amount of spam i receive, i require all emails *to me* 
to contain the word "nospam" in the subject line somewhere. Else i might not 
get your email. thankyou.
----






_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE* 
http://join.msn.com/?page=features/virus
Previous By Date Next
Previous By Thread Next

Current thread: