Message-ID: <20031017234935.9893.qmail@sf-www2-symnsj.securityfocus.com>
Date: 17 Oct 2003 23:49:35 -0000
From: Vlad M <v_lion_77@...l.ru>
To: bugtraq@...urityfocus.com
Subject: Re: Multiple Heap Overflows in FTP Desktop


In-Reply-To: <20030908202530.24144.qmail@...www1-symnsj.securityfocus.com>

The heap overflow bug has been fixed. The new FTP Desktop version is now available for downloading from http://www.ftpdesktop.net/download.html


>Date: 8 Sep 2003 20:25:30 -0000
>Message-ID: <20030908202530.24144.qmail@...www1-symnsj.securityfocus.com>
>From: Bahaa Naamneh <b_naamneh@...mail.com>
>To: bugtraq@...urityfocus.com
>Subject: Multiple Heap Overflows in FTP Desktop
>
>
>
>Multiple Heap Overflows in FTP Desktop
>
>
>Introduction:
>=============
>"FTP Desktop lets you access FTP sites as if they were folders on your
>computer.
>Now you can move your files between your hard disk and remote FTP sites
>with greater ease."
>- Vendor's Description
>   [ http://www.ftpdesktop.com ]
>
>Note:
>FTP Desktop is fully integrated into Windows Explorer, so the actual
>module at fault appears as 'explorer.exe'.
>
>
>Details:
>========
>Vulnerable systems: FTP Desktop version 3.5 (and possibly earlier
>versions).
>
>Vulnerability: It is possible to cause a Heap overflow in FTP Desktop,
>allowing total modification of the EIP pointer - this can be maliciously
>altered to allow remote arbitrary code execution. The overflow occurs in
>the FTP banner and other areas, as shown here:
>
>FTP Banner:
>-----------
>(FTP Desktop connected...)
>    PADDING EBP  EIP
>220 [229xA][4xB][4xX]
>(Access violation when executing 0x58585858) // 4xX
>
>Username:
>---------
>(FTP Desktop Sends 'USER username')
>    PADDING EBP  EIP
>331 [229xA][4xB][4xX]
>(Access violation when executing 0x58585858) // 4xX
>
>Password:
>---------
>(FTP Desktop Sends 'PASS password')
>    PADDING EBP  EIP
>331 [229xA][4xB][4xX]
>(Access violation when executing 0x58585858) // 4xX
>
>
>Vendor status:
>==============
>The vendor has been informed, and they are fixing this bug.
>The updated version, when released, can be downloaded from:
>
>http://www.ftpdesktop.net/download.html
>[ http://www.ftpdesktop.net/download/ftpsetup.exe ]
>
>
>Exploit:
>========
>http://www.elitehaven.net/ftpdesktop.zip
>
>(I would like to thank Peter Winter-Smith for helping me in the exploitation)
>
>
>Discovered by/Credit:
>=====================
>Bahaa Naamneh
>b_naamneh@...mail.com
>
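
The advisory above describes overlong 220 and 331 reply lines from the server overrunning a buffer in the client. As an added example (not code from the post, from the vendor or from FTP Desktop, whose actual fix is not shown on this page), here is a reply-line parser that checks the length before copying; the function names and the 128-byte buffer size are assumptions, and the sample banner is constructed to match the layout quoted in the advisory.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define REPLY_TEXT_CAP 128  /* assumed client-side buffer size (hypothetical) */
enum { REPLY_OK = 0, REPLY_MALFORMED = -1, REPLY_TOO_LONG = -2 };

/* Parse one FTP reply line ("220 text\r\n") of `len` bytes read from the
 * server; the input need not be NUL-terminated. The text is copied only if it
 * fits in `cap` bytes including the terminator; oversized lines are rejected. */
int parse_ftp_reply(const char *line, size_t len, int *code,
                    char *text, size_t cap)
{
    if (line == NULL || code == NULL || text == NULL || cap == 0)
        return REPLY_MALFORMED;
    while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
        len--;                              /* strip CRLF or bare LF */
    if (len < 3)
        return REPLY_MALFORMED;
    for (size_t i = 0; i < 3; i++)          /* reply code is three digits */
        if (!isdigit((unsigned char)line[i]))
            return REPLY_MALFORMED;
    if (len > 3 && line[3] != ' ' && line[3] != '-')
        return REPLY_MALFORMED;             /* ' ' or multi-line marker '-' */
    const char *src = line + (len > 3 ? 4 : 3);
    size_t text_len = len - (size_t)(src - line);
    if (text_len >= cap)                    /* length check before any copy */
        return REPLY_TOO_LONG;
    memcpy(text, src, text_len);
    text[text_len] = '\0';
    *code = (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
    return REPLY_OK;
}

/* Constructed sample: a 220 banner with 229 + 4 + 4 bytes of text. */
int check_oversized_banner(void)
{
    char wire[4 + 229 + 4 + 4 + 2];
    char text[REPLY_TEXT_CAP];
    int code = 0;
    memcpy(wire, "220 ", 4);
    memset(wire + 4, 'A', 229);
    memset(wire + 233, 'B', 4);
    memset(wire + 237, 'X', 4);
    memcpy(wire + 241, "\r\n", 2);
    return parse_ftp_reply(wire, sizeof wire, &code, text, sizeof text);
}
```

A client would treat `REPLY_TOO_LONG` as a protocol error and close the control connection instead of truncating and continuing.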

