-
January 20th, 2003, 03:30 PM
#1
CuteFTP 5.0 XP - Buffer Overflow!
A new vulnerability has been found in CuteFTP's most recent release.
Impact:
-------
Medium,
This could allow arbitrary code to be executed on the remote victim's machine, if the attacker is successful in luring a victim onto his server.
Details:
--------
When a FTP Server is responding to a "LIST" (directory listing) command, the response is sent over a data connection. Sending 257 bytes over this connection will cause a buffer to overflow, and the EIP register can be overwritten completely by sending 260 bytes of data.
The author of this vulnerability has contacted the vendor, GlobalSCAPE, with details of the vulnerability, who have subsequently said they were working on an upgraded version of CuteFTP which would be available to download, as of today, 20/1/03. But nothing on the vendor site as of yet!
CuteFTP 5.0 XP, Buffer Overflow
So anyone currently running this s/w, keep an eye on CuteFTP for the upgrade!
Cheers
r3b00+
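Added illustration for readers, not part of the original post or the advisory and not CuteFTP's code: a bounded reader for one line of a LIST response arriving on the data connection, which rejects an overlong line instead of copying it. The 256-byte buffer size is an assumption inferred from the 257-byte trigger quoted above; `read_list_line`, `probe` and the filler input are hypothetical and constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define LIST_LINE_MAX 256 /* assumed size, inferred from the 257-byte trigger */
enum list_status { LIST_OK = 0, LIST_TOO_LONG = -1, LIST_INCOMPLETE = -2 };

/* Copy one LF- or CRLF-terminated listing line from in[0..in_len) into out.
 * Writes at most out_cap bytes, NUL included; *consumed counts bytes used. */
enum list_status read_list_line(const unsigned char *in, size_t in_len,
                                char *out, size_t out_cap, size_t *consumed)
{
    *consumed = 0;
    for (size_t i = 0; i < in_len; i++) {
        if (in[i] == '\n') {
            size_t len = i;
            if (len > 0 && in[len - 1] == '\r') len--;
            if (len >= out_cap) return LIST_TOO_LONG; /* no room for NUL */
            memcpy(out, in, len);
            out[len] = '\0';
            *consumed = i + 1;
            return LIST_OK;
        }
        if (i >= out_cap) return LIST_TOO_LONG; /* cannot fit: stop early */
    }
    return LIST_INCOMPLETE; /* caller reads more; the bound still applies */
}

/* Constructed input: n filler bytes plus CRLF. Returns the reader's status,
 * or -100 if the canary placed right after the buffer was modified. */
int probe(size_t n)
{
    unsigned char in[512];
    struct { char line[LIST_LINE_MAX]; unsigned canary; } f;
    size_t used;
    if (n + 2 > sizeof in) return -99;
    f.canary = 0xC0FFEEu;
    memset(in, 'A', n);
    in[n] = '\r'; in[n + 1] = '\n';
    int st = read_list_line(in, n + 2, f.line, sizeof f.line, &used);
    return f.canary == 0xC0FFEEu ? st : -100;
}

int main(void)
{
    size_t sizes[] = { 255, 256, 257, 260 };
    for (size_t i = 0; i < 4; i++)
        printf("%zu bytes -> %d\n", sizes[i], probe(sizes[i]));
    return 0;
}
```

A client that gets `LIST_TOO_LONG` should drop the data connection rather than truncate and continue, since the rest of the stream can no longer be parsed as listing lines.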
-
January 20th, 2003, 03:56 PM
#2
Banned
Also, I would recommend switching to WS_FTP. It's a great piece of software, and I've never had any problems with it. You at least might want to switch to it until you find the upgrade/patch for CuteFTP.
You can find WS_FTP at CNet's ever-popular, download.com
-
January 20th, 2003, 04:11 PM
#3
I've tried CuteFTP XP and the way it's set up for an FTP program is absolutely insane. You're definitely better off getting the Pro version and ditching the XP version altogether. Nicer setup, ease of use, and I've never had a problem with Pro.