| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: fitzies at hotmail.com (Lance Fitz-Herbert)
Subject: CuteFTP 5.0 XP, Buffer Overflow
Advisory 07:
------------
Buffer Overflow In CuteFTP 5.0 XP
Discovered:
-----------
By Me, Lance Fitz-Herbert (aka phrizer).
September 4th, 2002
Vulnerable Applications:
------------------------
Tested On CuteFTP 5.0 XP, build 50.6.10.2
Others could be vulnerable...
Impact:
-------
Medium,
This could allow arbitary code to be executed on the remote victims machine,
if the attacker is
successfull in luring a victim onto his server.
Details:
--------
When a FTP Server is responding to a "LIST" (directory listing) command, the
response is sent
over a data connection. Sending 257 bytes over this connection will cause a
buffer to overflow,
and the EIP register can be overwritten completely by sending 260 bytes of
data.
Vendor Status:
--------------
Contacted GlobalSCAPE Jan 14th 2003, After a couple of emails back and forth
within a few days, they
confirmed the problem, and siad they are working on a release for Monday
(20th Jan, 03) which will address
the issue.
Solution:
---------
Upgrade to new version which should be avalible from Monday (20th Jan, 03).
Exploit:
--------
Not released.
Contacting Me:
--------------
ICQ: 23549284
IRC: irc.dal.net #KORP
----
NOTE: Because of the amount of spam i receive, i require all emails *to me*
to contain the word "nospam" in the subject line somewhere. Else i might not
get your email. thankyou.
----
_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
Powered by blists - more mailing lists