OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: SNS Research (vuln-devgreyhack.com)
Date: Wed May 30 2001 - 14:55:58 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Strumpf Noir Society Advisories
    ! Public release !
    <--#

    -= SpoonFTP Buffer Overflow Vulnerabilities =-

    Release date: Thursday, May 31, 2001

    Introduction:

    SpoonFTP is an ftp server from the hand of the makers of SpoonProxy
    for the various MS Windows incarnations.

    SpoonFTP is available from vendor Pi-Soft's website:
    http://www.pi-soft.com

    Problem(s):

    The SpoonFTP server doesn't correctly apply boundary checks on
    the 'CWD' and 'LIST' commands. Issueing one of these to the server
    followed by respectively 530 and 531 bytes of data or more will
    cause the server to die.

    Altough in the majority of the attempts internal errors will kill
    the SpoonFTP process before any data can be passed on to the stack,
    it is possible to use this to overwrite eip and execute arbitrary
    code on the target machine.

    (..)

    Solution:

    Vendor has been notified and has verified the existence of these
    problems. SpoonFTP v1.0.0.13 has been released to deal with them.
    Users are encouraged to upgrade.

    This was tested against SpoonFTP v1.0.0.12 on Win2k.

    yadayadayada

    Free sk8! (http://www.freesk8.org)

    SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html)
    compliant, all information is provided on AS IS basis.

    EOF, but Strumpf Noir Society will return!