Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » CuteFTP 5.0 XP, Buffer Overflow

CuteFTP 5.0 XP, Buffer Overflow

by Nikola Strahija on January 19th, 2003 Buffer Overflow In CuteFTP 5.0 XP.


Discovered:
-----------
By Me, Lance Fitz-Herbert (aka phrizer).
September 4th, 2002


Vulnerable Applications:
------------------------
Tested On CuteFTP 5.0 XP, build 50.6.10.2
Others could be vulnerable...


Impact:
-------
Medium,
This could allow arbitary code to be executed on the remote victims machine,
if the attacker is
successfull in luring a victim onto his server.


Details:
--------
When a FTP Server is responding to a "LIST" (directory listing) command, the
response is sent
over a data connection. Sending 257 bytes over this connection will cause a
buffer to overflow,
and the EIP register can be overwritten completely by sending 260 bytes of
data.


Vendor Status:
--------------
Contacted GlobalSCAPE Jan 14th 2003, After a couple of emails back and forth
within a few days, they
confirmed the problem, and siad they are working on a release for Monday
(20th Jan, 03) which will address
the issue.


Solution:
---------
Upgrade to new version which should be avalible from Monday (20th Jan, 03).


Exploit:
--------
Not released.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »