A new vulnerability has been found in CuteFTP's most recent release.

Impact:
-------
Medium.
This could allow arbitrary code to be executed on the remote victim's machine,
if the attacker is successful in luring a victim onto his server.


Details:
--------
When an FTP server is responding to a "LIST" (directory listing) command, the
response is sent over a data connection. Sending 257 bytes over this connection
will cause a buffer to overflow, and the EIP register can be overwritten
completely by sending 260 bytes of data.

The author of this vulnerability has contacted the vendor, GlobalSCAPE, with details of the vulnerability. The vendor subsequently said they were working on an upgraded version of CuteFTP which would be available to download as of today, 20/1/03. But there is nothing on the vendor site as of yet!

CuteFTP 5.0 XP, Buffer Overflow

So anyone currently running this s/w, keep an eye on CuteFTP for the upgrade!

Cheers

r3b00+
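
Added example, not part of the original post and not CuteFTP's code: a client-side reader for LIST data that checks each entry's length before copying it into a fixed buffer, which is the check the overflow described under "Details" implies was missing. The 256-byte buffer size is an assumption inferred from the 257-byte figure, and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#define LIST_LINE_MAX 256 /* assumed size, inferred from the 257-byte figure */

enum list_status { LIST_OK = 0, LIST_END = 1, LIST_TOO_LONG = -1 };

/* Copy the next LF/CRLF-terminated entry of a LIST reply into out, which
 * must hold LIST_LINE_MAX bytes. An entry that would not fit together with
 * its NUL terminator is consumed and rejected, never copied. */
enum list_status list_next_line(const unsigned char *data, size_t len,
                                size_t *pos, char *out)
{
    if (*pos >= len) return LIST_END;
    const unsigned char *start = data + *pos;
    size_t remaining = len - *pos;
    const unsigned char *nl = memchr(start, '\n', remaining);
    size_t line_len = nl ? (size_t)(nl - start) : remaining;
    *pos += nl ? line_len + 1 : remaining; /* consume entry and its LF */
    if (line_len > 0 && start[line_len - 1] == '\r')
        line_len--;
    out[0] = '\0';
    if (line_len >= LIST_LINE_MAX) /* length is checked before any copy */
        return LIST_TOO_LONG;
    memcpy(out, start, line_len);
    out[line_len] = '\0';
    return LIST_OK;
}

/* Walk a whole listing; return accepted entries, count rejected ones. */
int list_count(const unsigned char *data, size_t len, int *rejected)
{
    char line[LIST_LINE_MAX];
    size_t pos = 0;
    int accepted = 0;
    enum list_status st;
    *rejected = 0;
    while ((st = list_next_line(data, len, &pos, line)) != LIST_END)
        if (st == LIST_OK) accepted++; else (*rejected)++;
    return accepted;
}

int main(void)
{
    const char *s = "a.txt\r\nb.txt\r\n"; /* constructed sample listing */
    int rejected;
    int accepted = list_count((const unsigned char *)s, strlen(s), &rejected);
    printf("accepted=%d rejected=%d\n", accepted, rejected);
    return 0;
}
```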