lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <BAY2-F88Zt3eCO94Kj300007b7a@hotmail.com>
From: fitzies at hotmail.com (Lance Fitz-Herbert)
Subject: CuteFTP 5.0 XP, Buffer Overflow

Advisory 07:
------------
Buffer Overflow In CuteFTP 5.0 XP


Discovered:
-----------
By Me, Lance Fitz-Herbert (aka phrizer).
September 4th, 2002


Vulnerable Applications:
------------------------
Tested On CuteFTP 5.0 XP, build 50.6.10.2
Others could be vulnerable...


Impact:
-------
Medium,
This could allow arbitary code to be executed on the remote victims machine, 
if the attacker is
successfull in luring a victim onto his server.


Details:
--------
When a FTP Server is responding to a "LIST" (directory listing) command, the 
response is sent
over a data connection. Sending 257 bytes over this connection will cause a 
buffer to overflow,
and the EIP register can be overwritten completely by sending 260 bytes of 
data.


Vendor Status:
--------------
Contacted GlobalSCAPE Jan 14th 2003, After a couple of emails back and forth 
within a few days, they
confirmed the problem, and siad they are working on a release for Monday 
(20th Jan, 03) which will address
the issue.


Solution:
---------
Upgrade to new version which should be avalible from Monday (20th Jan, 03).


Exploit:
--------
Not released.


Contacting Me:
--------------
    ICQ: 23549284
    IRC: irc.dal.net #KORP


----
NOTE: Because of the amount of spam i receive, i require all emails *to me* 
to contain the word "nospam" in the subject line somewhere. Else i might not 
get your email. thankyou.
----



_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online 
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

Powered by blists - more mailing lists