lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: advisories at atstake.com (@stake advisories)
Subject: @stake advisory: WS_FTP SITE CPWD Buffer Overflow vulnerability (a080802-1)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                               @stake, Inc.
                             www.atstake.com

                            Security Advisory


Advisory Name: WS_FTP SITE CPWD Buffer Overflow vulnerability
 Release Date: 08/08/2002
  Application: WS_FTP SERVER 3.1.1
     Platform: Windows NT/2000/XP
     Severity: A buffer overflow occurs allowing the
               remote execution of arbitrary code
       Author: Andreas Junestam (andreas@...take.com)
Vendor Status: Patch is released
CVE Candidate: CAN-2002-0826
    Reference: www.atstake.com/research/advisories/2002/a080802-1.txt


Overview:

WS_FTP Server is a widely used FTP Server for the Microsoft
NT/2000/XP platform.

There exists a vulnerability within the software, which allows an
attacker to overwrite the return address on the stack, thus taking
control of the execution flow. This allows the attacker to run
arbitrary code on the system remotely


Detailed Description:

The WS_FTP Server allows users to change their password through
a site command, "site cpwd". The code handling the argument supplied
with this site command contains an unchecked string copy, allowing
an attacker to overwrite the return address stored on the stack.
Since the WS_FTP Server is running as a service, in most cases it will
be executing as SYSTEM.

The feature to allow user to change their passwords is enabled by
deafult, but it is possible for a WS_FTP Server administrator to turn
this functionality off.


Vendor Response:

This issue was reported to Ipswitch on July 25, 2002 and a patch was
produced short thereafter.


Recommendation:

Install the patch provided by Ipswitch:
ftp://ftp.ipswitch.com/ipswitch/product_support/WS_FTP_Server/ifs312.exe

For more info, see:
http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html

Also, consider turning off all unused features and run the software
under a less privileged account.


Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has
assigned the following names to these issues.  These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.

  CAN-2002-0926 WS_FTP SITE CPWD Buffer Overflow vulnerability

@stake Vulnerability Reporting Policy:
http://www.atstake.com/research/policy/

@stake Advisory Archive:
http://www.atstake.com/research/advisories/

PGP Key:
http://www.atstake.com/research/pgp_key.asc

Copyright 2002 @stake, Inc. All rights reserved.



-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3 

iQA/AwUBPVJ5SEe9kNIfAm4yEQJ45QCg8ZQeT5YBnM+M828g4/ADvDjQhqsAoLBj
8/7ChofztBBYnruT3tu62Kgr
=WJ3k
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ