From: Donato Ferrante (fdonatoautistici.org)
Date: Wed Aug 17 2005 - 08:44:35 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

                           Donato Ferrante

Application: WinFtp Server
              http://www.wftpserver.com

Version: 1.6.8

Bug: Unicode Buffer Overflow

Date: 17-Aug-2005

Author: Donato Ferrante
              e-mail: fdonatoautistici.org
              web: www.autistici.org/fdonato

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bug
3. The code
4. The fix

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's Description:

"WinFTP Server is a multithreaded FTP server for Windows 98/NT/XP."

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
2. The bug:
------------

The bug is located in the "Log To Screen" feature, this feature
allows the program to show server's log on screen.
By default the program has this function (called Log-SCR) enabled.
So a malicious user can trigger an unicode buffer overflow.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

To test the vulnerability send a request to the FTP server like:

aaa [1024 of a] aaa

and then scroll down the log screen, so the server will crash.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

Vendor has been contacted.
Bug will be fixed in the next release.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]