CuteFTP 5.0 XP, Buffer Overflow
by Nikola Strahija on January 19th, 2003 Buffer Overflow In CuteFTP 5.0 XP.
Discovered:
-----------
By Me, Lance Fitz-Herbert (aka phrizer).
September 4th, 2002
Vulnerable Applications:
------------------------
Tested On CuteFTP 5.0 XP, build 50.6.10.2
Others could be vulnerable...
Impact:
-------
Medium,
This could allow arbitary code to be executed on the remote victims machine,
if the attacker is
successfull in luring a victim onto his server.
Details:
--------
When a FTP Server is responding to a "LIST" (directory listing) command, the
response is sent
over a data connection. Sending 257 bytes over this connection will cause a
buffer to overflow,
and the EIP register can be overwritten completely by sending 260 bytes of
data.
Vendor Status:
--------------
Contacted GlobalSCAPE Jan 14th 2003, After a couple of emails back and forth
within a few days, they
confirmed the problem, and siad they are working on a release for Monday
(20th Jan, 03) which will address
the issue.
Solution:
---------
Upgrade to new version which should be avalible from Monday (20th Jan, 03).
Exploit:
--------
Not released.
