BlackMoon FTPd Buffer Overflow Vulnerability

by Nikola Strahija on January 16th, 2002

The BlackMoon FTP server is vulnerable to a buffer overflow condition. Due to the nature of these problems, this could lead to arbitrary code execution on a target machine.


More specifically, the buffer that holds received data before it is
parsed was incorrectly declared static in the code below.


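    CBuffer::CBuffer(const char * data, int len, int capacity_inc)
    {
        // Fixed-size staticBuf is used in place of an allocation sized to len
        bf_head = (char*)&staticBuf; //(char*)malloc(len * sizeof(char));
        if(bf_head != NULL)
        {
            // len is not checked against sizeof(staticBuf) before the copy
            memcpy(bf_head,data,len);
            bf_capacity = sizeof(staticBuf); //len;
            bf_current_size = len;
            bf_capacity_inc = capacity_inc;
            // (the excerpt in the advisory ends here)
        }
    }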


Due to this error, it is possible to overflow this buffer through several
of the standard FTP commands available to the user (specifically 'USER',
'PASS' and 'CWD') followed by a string of more than 4096 bytes.

This kills the BlackMoon FTP service (which runs under the local SYSTEM
account) and allows EIP to be overwritten.
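
The missing length check, shown as an added example that is not BlackMoon's code or the vendor's fix: a fixed-capacity buffer that refuses input that does not fit instead of copying it. The class name `BoundedBuffer`, its methods and the 4096-byte capacity (taken from the overflow threshold above) are assumptions.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Hypothetical stand-in for the class in the excerpt; 4096 is assumed from
// the advisory's overflow threshold, not taken from the vendor's source.
class BoundedBuffer {
public:
    static constexpr std::size_t kCapacity = 4096;

    BoundedBuffer() : bf_current_size(0) {}

    // Replaces the contents. Returns false, leaving the buffer untouched,
    // when data is missing, len is negative, or len exceeds the capacity.
    bool assign(const char *data, int len) {
        // A negative int would turn into a huge size_t inside memcpy.
        if (data == nullptr || len < 0 || static_cast<std::size_t>(len) > kCapacity)
            return false;
        std::memcpy(staticBuf, data, static_cast<std::size_t>(len));
        bf_current_size = static_cast<std::size_t>(len);
        return true;
    }

    // Appends with the same check against the space that is left.
    bool append(const char *data, int len) {
        if (data == nullptr || len < 0 ||
            static_cast<std::size_t>(len) > kCapacity - bf_current_size)
            return false;
        std::memcpy(staticBuf + bf_current_size, data, static_cast<std::size_t>(len));
        bf_current_size += static_cast<std::size_t>(len);
        return true;
    }

    std::size_t size() const { return bf_current_size; }

private:
    char staticBuf[kCapacity];
    std::size_t bf_current_size;
};

int main() {
    static BoundedBuffer buf;
    static char oversized[5000];  // constructed sample, larger than the buffer
    std::memset(oversized, 'A', sizeof(oversized));
    std::printf("short command accepted: %d\n", buf.assign("USER anonymous\r\n", 16));
    std::printf("5000-byte line accepted: %d\n", buf.assign(oversized, 5000));
    return 0;
}
```

A caller that gets `false` back should reject the command and close or reset the session rather than truncate the line and parse what is left.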

Solution:
Upgrade to BlackMoon FTP v1.5, Release #2, Build 1550. Get it from http://www.blackmoon.filetap.com/

Tested against BlackMoon FTP v1.5 (Release #1, Build 1547). Vulnerable versions go down to 1.0,
Release #1, Build 1115. Found by SNS Research.

