lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <41A1FA26.4040701@altervista.org>
Date: Mon, 22 Nov 2004 15:39:34 +0100
From: Komrade <unsecure@...ervista.org>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: CoffeeCup FTP Clients Buffer Overflow Vulnerability


AUTHOR
Komrade
unsecure@...ervista.org
http://unsecure.altervista.org

DATE
22/11/2004

PRODUCTS
CoffeCup Direct FTP - FTP client for Windows.
CoffeeCup Free FTP - free FTP client for Windows.

AFFECTED VERSION
Versions verified to be vulnerable:
CoffeeCup Direct FTP 6.2.0.62 (latest version)
CoffeeCup Free FTP 3.0.0.10 (latest version)

Prior version should be vulnerable as well.

DETAILS
Each this programs use the ActiveX Control "WeOnlyDo! COM Ftp DELUXE"
(WodFtpDLX.ocx) to communicate with FTP servers.
I discovered that this ActiveX doesn't correctly handle a very long file
name sent from an FTP server, causing the programs to be vulnerable to a
remote buffer overflow.

Details on the vulnerabiliy that affect WodFtpDLX ActiveX Control can be
found here:
http://unsecure.altervista.org/security/wodftpdlx.htm

POC EXPLOIT
You can find a proof of concept exploit that spawn a shell on port 5555
on the target machine here:
http://unsecure.altervista.org/security/coffeecupbof.c

VENDOR STATUS
I notified this vulnerability to the vendor on 19/11/2004 and they
replied that they would start immediately to work on a fix.

VULNERABILITY TIMELINE
16/11/2004 Vulnerbility found.
19/11/2004 Vendor contacted for the first time.
19/11/2004 Vendor reply. They are working to fix this vulnerability.
22/11/2004 Public disclosure.


-- 
- Unsecure Programs -
- http://unsecure.altervista.org -

- Vulnerabilities and exploits -
- http://unsecure.altervista.org/security.htm -

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ