Date: Tue, 21 Feb 2006 23:34:17 -0800 (PST)
From: Adrian Castro <acastro@...uxquestions.net>
To: bugtraq@...urityfocus.com
Subject: South River WebDrive Buffer Overflow Vulnerability

South River WebDrive Buffer Overflow Vulnerability

---Summary---

Software Affected: South River WebDrive
Software Versions Tested: 6.08 build 1131
Vendors URL: http://www.webdrive.com
Vulnerability Type: Boundary Condition Error
Credit: Discovered by Adrian Castro
Proof of Concept: None Provided
Attack Vector: Local
Threat Level: Medium

---Vendors Product Description---

WebDrive is more than just an FTP Client. By connecting to WebDAV, FTP, or SFTP servers through a virtual drive, files are transferred by simply saving them to a drive letter. There's no need to run a separate FTP client interface. Unlike typical FTP clients, WebDrive lets you open and edit server-based files without the additional download step.

To install WebDrive on Windows NT/2000/XP you must have administrator privileges. Once installed you can use WebDrive from any NT user account.

---Vulnerability Description---

The name entry field in WebDrive is prone to a buffer overflow vulnerability due to a programming error. The name field allows for 257 characters to be copied to a 256 character buffer. Successful exploitation causes the program to fail, and behave erratically/crash on future runs of the program.

This vulnerability affects WebDrive 8 running on Windows 2000 SP4, and Windows XP Professional SP2. Other versions of WebDrive and Windows may also be affected.

---Solution---

None at this time.

_____________________________________________________________
Thank you for choosing LinuxQuestions.
http://www.linuxquestions.org
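
The boundary condition described in the advisory (a name longer than its 256-character buffer), shown as an added example that is not part of the original post and is not WebDrive's code. It assumes the name is stored as a NUL-terminated byte string; `overrun_bytes`, `copy_name` and `try_name_of_length` are hypothetical names, and the input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 256 /* buffer size stated in the advisory */

/* Bytes a C-string copy of `len` characters would write past a buffer of
 * `buf_size` bytes, counting the terminating NUL (0 means it fits). */
size_t overrun_bytes(size_t len, size_t buf_size) {
    size_t need = len + 1;
    return need > buf_size ? need - buf_size : 0;
}

/* Hardened copy (hypothetical helper): rejects oversized input instead of
 * overflowing or silently truncating. Returns 0 on success, -1 on reject. */
int copy_name(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    /* Look for the terminator within the first dst_size bytes only. */
    const char *nul = memchr(src, '\0', dst_size);
    if (nul == NULL) {      /* src needs more than dst_size bytes */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/* Builds a constructed name of `len` 'A' characters and tries to store it
 * in a 256-byte buffer guarded by a canary. Returns copy_name's result, or
 * -2 if the canary after the buffer was modified. */
int try_name_of_length(size_t len) {
    struct { char name[NAME_BUF_SIZE]; unsigned char canary; } rec;
    char input[NAME_BUF_SIZE + 8];
    if (len >= sizeof input)
        return -1;
    memset(input, 'A', len);
    input[len] = '\0';
    rec.canary = 0x5A;
    int rc = copy_name(rec.name, sizeof rec.name, input);
    return rec.canary == 0x5A ? rc : -2;
}

int main(void) {
    size_t lens[] = { 255, 256, 257 };
    for (size_t i = 0; i < 3; i++)
        printf("%zu chars: overrun=%zu copy=%d\n", lens[i],
               overrun_bytes(lens[i], NAME_BUF_SIZE), try_name_of_length(lens[i]));
    return 0;
}
```

Under the NUL-terminated assumption, 255 characters is the longest name a 256-byte buffer holds, so the input limit on the field has to be one less than the buffer size, not one more.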