|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Full-disclosure] Remote buffer overflow in GlobalScape Secure FTP server 3.0.2
From: muts (muts
whitehat.co.il)
Date: Sun May 01 2005 - 19:41:36 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
See Security, Research and Development
------------------------------------------------------
[-] Product Information
GlobalScape Secure FTP Server is a flexible, reliable, and cost-effective
File Transfer Protocol (FTP) Server. Secure FTP Server is used to exchange
data securely using the most up-to-date security protocols available and
employs a rich set of automation tools, providing a comprehensive data
management solution.
[-] Vulnerability Description
A buffer overflow was discovered in GlobalScape Secure FTP Server
3.0.2 which allows remote code execution by sending a malformed FTP
request.
[-] Analysis
When sending a malformed FTP request in the format [3000 Bytes]\r\n we will
be able to overwrite the instruction pointer (and SEH) with an arbitrary
address.
[-] Vendor Notification
The vendor has been notified, and a fix is available.
[-] Exploit
Developed by Mati Aharoni
http://www.hackingdefined.com/exploits/globalscape_ftp_30_EIP.py
http://www.hackingdefined.com/exploits/globalscape_ftp_30_SEH.py
http://www.hackingdefined.com/exploits/globalscape_ftp_30.pm
http://www.hackingdefined.com/exploits/Globalscape30.pdf
[-] Credits
The vulnerability was discovered by Mati Aharoni.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]