Cute FTP 5.0 XP, build 51.1.23.1 was released, but it is still vulnerable against the same issue. Sending 780 bytes( in previous build, it was 257 bytes ) as a reply to LIST command cause a stack overflow. # BTW, I found another buffer overflow problem. Copy long url like # "ftp://AAAAAAAAAAA....AAAAAAAAAAA/"; # to clipboard and execute CuteFTP. It will crash immediately. # Seems like a bug, not a security hole. -- Kanatoko<anvil@jumperz.net> http://www.jumperz.net/ irc.friend.td.nu:6667 #ouroboros On Sat, 18 Jan 2003 06:25:31 +0000 "Lance Fitz-Herbert" <fitzies@hotmail.com> wrote: > Advisory 07: > ------------ > Buffer Overflow In CuteFTP 5.0 XP > > > Discovered: > ----------- > By Me, Lance Fitz-Herbert (aka phrizer). > September 4th, 2002 > > > Vulnerable Applications: > ------------------------ > Tested On CuteFTP 5.0 XP, build 50.6.10.2 > Others could be vulnerable... > > > Impact: > ------- > Medium, > This could allow arbitary code to be executed on the remote victims machine, > if the attacker is > successfull in luring a victim onto his server. > > > Details: > -------- > When a FTP Server is responding to a "LIST" (directory listing) command, the > response is sent > over a data connection. Sending 257 bytes over this connection will cause a > buffer to overflow, > and the EIP register can be overwritten completely by sending 260 bytes of > data. > > > Vendor Status: > -------------- > Contacted GlobalSCAPE Jan 14th 2003, After a couple of emails back and forth > within a few days, they > confirmed the problem, and siad they are working on a release for Monday > (20th Jan, 03) which will address > the issue. > > > Solution: > --------- > Upgrade to new version which should be avalible from Monday (20th Jan, 03). > > > Exploit: > -------- > Not released. > > > Contacting Me: > -------------- > ICQ: 23549284 > IRC: irc.dal.net #KORP > > > > ---- > NOTE: Because of the amount of spam i receive, i require all emails *to me* > to contain the word "nospam" in the subject line somewhere. Else i might not > get your email. thankyou. > ---- > > > > > > > _________________________________________________________________ > MSN 8 helps eliminate e-mail viruses. Get 2 months FREE* > http://join.msn.com/?page=features/virus > >
