lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <41A1FA26.4040701@altervista.org> Date: Mon, 22 Nov 2004 15:39:34 +0100 From: Komrade <unsecure@...ervista.org> To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com Subject: CoffeeCup FTP Clients Buffer Overflow Vulnerability AUTHOR Komrade unsecure@...ervista.org http://unsecure.altervista.org DATE 22/11/2004 PRODUCTS CoffeCup Direct FTP - FTP client for Windows. CoffeeCup Free FTP - free FTP client for Windows. AFFECTED VERSION Versions verified to be vulnerable: CoffeeCup Direct FTP 6.2.0.62 (latest version) CoffeeCup Free FTP 3.0.0.10 (latest version) Prior version should be vulnerable as well. DETAILS Each this programs use the ActiveX Control "WeOnlyDo! COM Ftp DELUXE" (WodFtpDLX.ocx) to communicate with FTP servers. I discovered that this ActiveX doesn't correctly handle a very long file name sent from an FTP server, causing the programs to be vulnerable to a remote buffer overflow. Details on the vulnerabiliy that affect WodFtpDLX ActiveX Control can be found here: http://unsecure.altervista.org/security/wodftpdlx.htm POC EXPLOIT You can find a proof of concept exploit that spawn a shell on port 5555 on the target machine here: http://unsecure.altervista.org/security/coffeecupbof.c VENDOR STATUS I notified this vulnerability to the vendor on 19/11/2004 and they replied that they would start immediately to work on a fix. VULNERABILITY TIMELINE 16/11/2004 Vulnerbility found. 19/11/2004 Vendor contacted for the first time. 19/11/2004 Vendor reply. They are working to fix this vulnerability. 22/11/2004 Public disclosure. -- - Unsecure Programs - - http://unsecure.altervista.org - - Vulnerabilities and exploits - - http://unsecure.altervista.org/security.htm - _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists