[28469] in bugtraq
CuteFTP 5.0 XP, Buffer Overflow
daemon@ATHENA.MIT.EDU (Lance Fitz-Herbert)
Sat Jan 18 19:12:56 2003
From: "Lance Fitz-Herbert" <fitzies@hotmail.com>
To: bugtraq@securityfocus.com
Date: Sat, 18 Jan 2003 06:25:31 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <BAY2-F14x4qfU1gqs600002752f@hotmail.com>
Advisory 07:
------------
Buffer Overflow In CuteFTP 5.0 XP
Discovered:
-----------
By Me, Lance Fitz-Herbert (aka phrizer).
September 4th, 2002
Vulnerable Applications:
------------------------
Tested On CuteFTP 5.0 XP, build 50.6.10.2
Others could be vulnerable...
Impact:
-------
Medium,
This could allow arbitary code to be executed on the remote victims machine,
if the attacker is
successfull in luring a victim onto his server.
Details:
--------
When a FTP Server is responding to a "LIST" (directory listing) command, the
response is sent
over a data connection. Sending 257 bytes over this connection will cause a
buffer to overflow,
and the EIP register can be overwritten completely by sending 260 bytes of
data.
Vendor Status:
--------------
Contacted GlobalSCAPE Jan 14th 2003, After a couple of emails back and forth
within a few days, they
confirmed the problem, and siad they are working on a release for Monday
(20th Jan, 03) which will address
the issue.
Solution:
---------
Upgrade to new version which should be avalible from Monday (20th Jan, 03).
Exploit:
--------
Not released.
Contacting Me:
--------------
ICQ: 23549284
IRC: irc.dal.net #KORP
----
NOTE: Because of the amount of spam i receive, i require all emails *to me*
to contain the word "nospam" in the subject line somewhere. Else i might not
get your email. thankyou.
----
_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*
http://join.msn.com/?page=features/virus
