[sec-adv] IglooFTP PRO FTP Server Response Buffer Overflow Vulnerability

From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Tue Jul 08 2003 - 06:35:22 CDT


TITLE:
IglooFTP PRO FTP Server Response Buffer Overflow Vulnerability

READ ONLINE:
http://www.secunia.com/advisories/9196/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
IglooFTP PRO 3.x for Windows

DESCRIPTION:
A vulnerability has been identified in IglooFTP PRO, which can be
exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused by a boundary error when handling
responses from FTP servers. This can be exploited by setting up a
malicious FTP server and tricking a user into connecting to it.

A malicious FTP server could, e.g., return an overly long, specially
crafted FTP banner when the user connects, which will cause a buffer
overflow, thereby potentially executing arbitrary code on the user's
system.

The vulnerability has been reported in version 3.8 for Windows.
However, prior versions may also be affected.
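
Added example (not part of the Secunia advisory and not IglooFTP code): a
client-side parser for a single FTP reply line that checks the length of
untrusted server data before copying it into a fixed buffer. The names
ftp_parse_reply, struct ftp_reply and the 512-byte cap FTP_REPLY_MAX are
assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FTP_REPLY_MAX 512 /* assumed per-line cap, chosen for this example */

enum ftp_status { FTP_OK, FTP_INCOMPLETE, FTP_TOO_LONG, FTP_MALFORMED };

struct ftp_reply {
    int  code;                /* three-digit reply code, e.g. 220 */
    char text[FTP_REPLY_MAX]; /* NUL-terminated text after the code */
};

/* Parse one reply line from untrusted server bytes buf[0..len). The length
 * is checked against FTP_REPLY_MAX before anything is copied, so an overly
 * long banner is rejected instead of overrunning out->text. */
enum ftp_status ftp_parse_reply(const char *buf, size_t len, struct ftp_reply *out)
{
    const char *nl = memchr(buf, '\n', len);
    size_t line_len, text_len;

    if (nl == NULL) /* no terminator yet: never keep buffering without a limit */
        return len >= FTP_REPLY_MAX ? FTP_TOO_LONG : FTP_INCOMPLETE;
    line_len = (size_t)(nl - buf);
    if (line_len > 0 && buf[line_len - 1] == '\r')
        line_len--; /* drop the CR of CRLF */
    if (line_len >= FTP_REPLY_MAX)
        return FTP_TOO_LONG;
    if (line_len < 4 || !isdigit((unsigned char)buf[0]) ||
        !isdigit((unsigned char)buf[1]) || !isdigit((unsigned char)buf[2]) ||
        (buf[3] != ' ' && buf[3] != '-'))
        return FTP_MALFORMED;
    out->code = (buf[0] - '0') * 100 + (buf[1] - '0') * 10 + (buf[2] - '0');
    text_len = line_len - 4; /* at most FTP_REPLY_MAX - 5 after the check above */
    memcpy(out->text, buf + 4, text_len);
    out->text[text_len] = '\0';
    return FTP_OK;
}

int main(void)
{
    static char banner[4096]; /* constructed oversized banner */
    struct ftp_reply r;
    memset(banner, 'A', sizeof banner);
    memcpy(banner, "220 ", 4);
    banner[sizeof banner - 1] = '\n';
    printf("oversized banner: status %d\n", (int)ftp_parse_reply(banner, sizeof banner, &r));
    return 0;
}
```

A caller should treat FTP_TOO_LONG and FTP_MALFORMED as fatal and close the
connection rather than try to resynchronise with the server.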

SOLUTION:
Update to version 3.9:
http://www.iglooftp.com/dl/windows/IFTPPro39.exe

REPORTED BY / CREDITS:
Peter Winter-Smith

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------
