lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [month] [year] [list] 
Date: Mon May  2 01:13:27 2005
From: muts at whitehat.co.il (muts)
Subject: Remote buffer overflow in GlobalScape Secure FTP
	server 3.0.2

See Security, Research and Development
------------------------------------------------------

[-] Product Information
 
GlobalScape Secure FTP Server is a flexible, reliable, and cost-effective
File Transfer Protocol (FTP) Server. Secure FTP Server is used to exchange
data securely using the most up-to-date security protocols available and
employs a rich set of automation tools, providing a comprehensive data
management solution.
 
[-] Vulnerability Description
 
A buffer overflow was discovered in GlobalScape Secure FTP Server
3.0.2 which allows remote code execution by sending a malformed FTP 
request.

[-] Analysis
 
When sending a malformed FTP request in the format [3000 Bytes]\r\n we will
be able to overwrite the instruction pointer (and SEH) with an arbitrary
address.
 
[-] Vendor Notification
 
The vendor has been notified, and a fix is available.
 
[-] Exploit
 
Developed by Mati Aharoni
 
http://www.hackingdefined.com/exploits/globalscape_ftp_30_EIP.py
http://www.hackingdefined.com/exploits/globalscape_ftp_30_SEH.py
http://www.hackingdefined.com/exploits/globalscape_ftp_30.pm
http://www.hackingdefined.com/exploits/Globalscape30.pdf

[-] Credits
 
The vulnerability was discovered by Mati Aharoni.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux