CuteFTP 5.0 XP, Buffer Overflow

From: Lance Fitz-Herbert (fitziesat_private)
Date: Fri Jan 17 2003 - 22:25:31 PST


    Advisory 07:
    ------------
    Buffer Overflow In CuteFTP 5.0 XP
    
    
    Discovered:
    -----------
    By Me, Lance Fitz-Herbert (aka phrizer).
    September 4th, 2002
    
    
    Vulnerable Applications:
    ------------------------
    Tested On CuteFTP 5.0 XP, build 50.6.10.2
    Others could be vulnerable...
    
    
    Impact:
    -------
    Medium,
    This could allow arbitrary code to be executed on the remote victim's
    machine, if the attacker is successful in luring a victim onto his server.
    
    
    Details:
    --------
    When an FTP Server is responding to a "LIST" (directory listing) command,
    the response is sent over a data connection. Sending 257 bytes over this
    connection will cause a buffer to overflow, and the EIP register can be
    overwritten completely by sending 260 bytes of data.
    
    
    Vendor Status:
    --------------
    Contacted GlobalSCAPE Jan 14th 2003. After a couple of emails back and
    forth within a few days, they confirmed the problem, and said they are
    working on a release for Monday (20th Jan, 03) which will address the
    issue.
    
    
    Solution:
    ---------
    Upgrade to new version which should be available from Monday (20th Jan, 03).
    
    
    Exploit:
    --------
    Not released.
    
    
    Contacting Me:
    --------------
        ICQ: 23549284
        IRC: irc.dal.net #KORP
    
    
    
    ----
    NOTE: Because of the amount of spam I receive, I require all emails *to me*
    to contain the word "nospam" in the subject line somewhere. Else I might not
    get your email. Thank you.
    ----
    
    
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Sat Jan 18 2003 - 16:12:43 PST
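
The bound that the advisory's Details section implies, shown as an added example (not part of the original post and not GlobalSCAPE's code): a client-side reader for LIST data that checks the line length before copying. The 256-byte buffer size is an assumption inferred from the 257-byte threshold, and `list_read_line` and its status codes are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed size: the advisory's 257-byte threshold suggests a 256-byte buffer. */
#define LIST_LINE_MAX 256

typedef enum { LIST_OK = 0, LIST_NEED_MORE = 1, LIST_TOO_LONG = -1 } list_status;

/* Hypothetical helper: extract one directory entry from bytes received on the
 * FTP data connection. Copies at most LIST_LINE_MAX - 1 bytes plus a NUL into
 * out and reports how many input bytes were consumed. The length is checked
 * before any copy, so a server-controlled line can never run past out. */
list_status list_read_line(const char *data, size_t len,
                           char out[LIST_LINE_MAX], size_t *consumed)
{
    const char *nl = memchr(data, '\n', len);
    size_t line_len;

    if (nl == NULL)  /* no terminator yet: stop buffering once it cannot fit */
        return len > LIST_LINE_MAX ? LIST_TOO_LONG : LIST_NEED_MORE;

    line_len = (size_t)(nl - data);
    if (line_len > 0 && data[line_len - 1] == '\r')
        line_len--;                      /* FTP lines end in CRLF */
    if (line_len >= LIST_LINE_MAX)
        return LIST_TOO_LONG;            /* reject; do not truncate silently */

    memcpy(out, data, line_len);
    out[line_len] = '\0';
    *consumed = (size_t)(nl - data) + 1;
    return LIST_OK;
}

int main(void)
{
    char out[LIST_LINE_MAX], big[262];   /* constructed sample input */
    size_t used = 0;
    const char ok[] = "drwxr-xr-x 2 ftp ftp 4096 Jan 17 2003 pub\r\n";

    memset(big, 'A', 260);               /* 260 filler bytes, then CRLF */
    big[260] = '\r';
    big[261] = '\n';
    printf("normal entry: %d\n", list_read_line(ok, sizeof ok - 1, out, &used));
    printf("260-byte line: %d\n", list_read_line(big, sizeof big, out, &used));
    return 0;
}
```

A caller that receives `LIST_TOO_LONG` should close the data connection and discard the listing instead of retrying with the same buffer.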