CuteFTP 5.0 XP - Buffer Overflow!

  1. #1

    CuteFTP 5.0 XP - Buffer Overflow!

    A new vulnerability has been found in CuteFTP's most recent release.

    Impact:
    -------
    Medium.
    This could allow arbitrary code to be executed on the remote victim's machine, if the attacker is successful in luring a victim onto his server.


    Details:
    --------
    When an FTP server is responding to a "LIST" (directory listing) command, the response is sent over a data connection. Sending 257 bytes over this connection will cause a buffer to overflow, and the EIP register can be overwritten completely by sending 260 bytes of data.
    The author of this vulnerability has contacted the vendor, GlobalSCAPE, with details of the vulnerability, who have subsequently said they were working on an upgraded version of CuteFTP which would be available to download, as of today, 20/1/03. But nothing on the vendor site as of yet!

    CuteFTP 5.0 XP, Buffer Overflow

    So anyone currently running this s/w, keep an eye on CuteFTP for the upgrade!

    Cheers

    r3b00+
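
The client-side fix for the behaviour described in the post above is to bound every line read from the data connection before it is written into a fixed buffer. The following is an added example, not code from the post, the advisory or GlobalSCAPE; `list_reader`, its functions and the 256-byte buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LIST_LINE_MAX 256 /* assumed size; the post gives only the 257-byte threshold */

struct list_reader {
    char   line[LIST_LINE_MAX];
    size_t used;     /* bytes held for the current, unfinished line */
    int    poisoned; /* set once the server has sent an overlong line */
};

void list_reader_init(struct list_reader *r) { memset(r, 0, sizeof *r); }

/* Feed one chunk read from the data connection. Returns the number of
 * complete lines in the chunk, or -1 once any line exceeds LIST_LINE_MAX. */
int list_reader_feed(struct list_reader *r, const char *chunk, size_t n)
{
    int lines = 0;
    if (r->poisoned)
        return -1;
    for (size_t i = 0; i < n; i++) {
        if (chunk[i] == '\n') {
            /* a real client would parse r->line[0..used) here */
            r->used = 0;
            lines++;
            continue;
        }
        if (r->used == sizeof r->line) { /* bound check before the write */
            r->poisoned = 1;             /* stop trusting this server's listing */
            r->used = 0;
            return -1;
        }
        r->line[r->used++] = chunk[i];
    }
    return lines;
}

int main(void)
{
    /* Constructed sample input: one normal entry, then 260 bytes with no newline. */
    const char ok[] = "drwxr-xr-x 2 ftp ftp 4096 Jan 20 2003 pub\r\n";
    char big[260];
    struct list_reader r;
    memset(big, 'A', sizeof big);
    list_reader_init(&r);
    printf("normal entry: %d\n", list_reader_feed(&r, ok, strlen(ok)));
    printf("260 bytes:    %d\n", list_reader_feed(&r, big, sizeof big));
    return 0;
}
```

Because the accumulator persists across calls, a line split over several reads is still caught at the same limit, and the transfer is rejected rather than silently truncated.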

  2. #2
    Also, I would recommend switching to WS_FTP. It's a great piece of software, and I've never had any problems with it. You at least might want to switch to it until you find the upgrade/patch for CuteFTP.

    You can find WS_FTP at CNet's ever-popular download.com

  3. #3
    GreekGoddess
    Guest
    I've tried CuteFTP XP and the way it's set up for an FTP program is absolutely insane. You're definitely better off getting the Pro version and ditching the XP version altogether. Nicer setup, ease of use, and I've never had a problem with Pro.
