| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 19 Jul 2004 23:49:43 +0200 From: Komrade <giocasati@...erfree.it> To: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com Subject: Buffer overflow in Whisper FTP Surfer 1.0.7 PRODUCT Whisper FTP Surfer is a freeware FTP client for Windows DETAILS A buffer overflow in version 1.0.7 (latest version) occours when trying to open a file with a long name from an FTP Server. For common extension (as .txt) FTP surfer create a temporary file and tries to open it. When closing the FTP Surfer, it tries to delete the temporary file. The long name of the file added to the name of the temporary folder overflows the buffer. POC Create a file with a very long name with the ".txt" extension, put it on an FTP Server and try to open it from FTP Surfer, you'll get an error message: "Unable to execute program". Then when you close the FTP Surfer the EIP will be invaild. EXPLOITATION Remote exploitation is not very easy because an attacker must guess the space occupied by the path of the temporary folder to exactly overwrite the return address, but is possible. VENDOR STATUS I notified this bug to the vendor on 10/07/04 but they haven't replied. -- - Komrade - - http://unsecure.altervista.org - _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists