[sec-adv] SmartFTP PWD Reply and Long File List Vulnerabilities

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Wed Jun 11 2003 - 07:39:27 CDT


TITLE:
SmartFTP PWD Reply and Long File List Vulnerabilities

READ ONLINE:
http://www.secunia.com/advisories/8998/

CRITICAL:
Less critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
SmartFTP 1.x

DESCRIPTION:
Two vulnerabilities have been reported in SmartFTP, which potentially
can be exploited by malicious people to compromise a user's system.

1) A boundary error when handling "PWD" replies can be exploited to
cause a buffer overflow, which potentially may allow execution of
arbitrary code on a user's system.

2) A boundary error when handling file lists (e.g. returned by a
"LIST" command) can be exploited to cause a heap overflow by
returning a file list containing an overly long, specially crafted
string. This could potentially be exploited to execute arbitrary code
on a user's system.

However, in order to successfully exploit the vulnerabilities, a user
has to be tricked into logging in on a malicious FTP server.

SOLUTION:
Update to SmartFTP 1.0.976 or later:
http://www.smartftp.com/download/

REPORTED BY / CREDITS:
nesumin
:: Operash ::

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------