OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Kanatoko (anvil_at_jumperz.net)
Date: Wed Feb 05 2003 - 22:57:01 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Cute FTP 5.0 XP, build 51.1.23.1 was released, but it is still
    vulnerable against the same issue.

    Sending 780 bytes( in previous build, it was 257 bytes ) as a reply to
    LIST command cause a stack overflow.

    # BTW, I found another buffer overflow problem. Copy long url like
    # "ftp://AAAAAAAAAAA....AAAAAAAAAAA/"
    # to clipboard and execute CuteFTP. It will crash immediately.
    # Seems like a bug, not a security hole.

    -- 
    Kanatoko<anviljumperz.net>
    http://www.jumperz.net/
    irc.friend.td.nu:6667 #ouroboros
    

    On Sat, 18 Jan 2003 06:25:31 +0000 "Lance Fitz-Herbert" <fitzieshotmail.com> wrote:

    > Advisory 07: > ------------ > Buffer Overflow In CuteFTP 5.0 XP > > > Discovered: > ----------- > By Me, Lance Fitz-Herbert (aka phrizer). > September 4th, 2002 > > > Vulnerable Applications: > ------------------------ > Tested On CuteFTP 5.0 XP, build 50.6.10.2 > Others could be vulnerable... > > > Impact: > ------- > Medium, > This could allow arbitary code to be executed on the remote victims machine, > if the attacker is > successfull in luring a victim onto his server. > > > Details: > -------- > When a FTP Server is responding to a "LIST" (directory listing) command, the > response is sent > over a data connection. Sending 257 bytes over this connection will cause a > buffer to overflow, > and the EIP register can be overwritten completely by sending 260 bytes of > data. > > > Vendor Status: > -------------- > Contacted GlobalSCAPE Jan 14th 2003, After a couple of emails back and forth > within a few days, they > confirmed the problem, and siad they are working on a release for Monday > (20th Jan, 03) which will address > the issue. > > > Solution: > --------- > Upgrade to new version which should be avalible from Monday (20th Jan, 03). > > > Exploit: > -------- > Not released. > > > Contacting Me: > -------------- > ICQ: 23549284 > IRC: irc.dal.net #KORP > > > > ---- > NOTE: Because of the amount of spam i receive, i require all emails *to me* > to contain the word "nospam" in the subject line somewhere. Else i might not > get your email. thankyou. > ---- > > > > > > > _________________________________________________________________ > MSN 8 helps eliminate e-mail viruses. Get 2 months FREE* > http://join.msn.com/?page=features/virus > >