[NT] Buffer Overflow in EF Commander

From: SecuriTeam (support_at_securiteam.com)
Date: 07/28/03

  • Next message: SecuriTeam: "[NEWS] NetScreen non-IP Protocol Denial of Service (And non-IP Machine Compromise)" 
    To: list@securiteam.com
Date: 28 Jul 2003 18:08:15 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    Get Thawte's New Step-by-Step SSL Guide for Apache.
    http://ad.doubleclick.net/clk;5903117;8265118;i

    - - - - - - - - -

      Buffer Overflow in EF Commander
    ------------------------------------------------------------------------

    SUMMARY

     <http://www.efsoftware.com/> EF Commander is "a file manager, archiver,
    viewer, FTP-client for the Windows 95/98/Me, Windows NT 4.0, Windows 2000
    and Windows XP desktop". The FTP program has been found to be vulnerable
    to a buffer overflow in the FTP server's responses handling code.

    DETAILS

    Vulnerable systems:
     * EF Commander version 3.54

    If a malicious server, sends an overly long FTP welcome banner, such as:
         PADDING EBP EIP
    220 [508xA][4xB][4xX] // Totaling 516+4 Bytes
    (Access violation when executing 0x58585858) // 4xX

    It is possible for the malicious FTP to overwrite the EIP of the
    connecting computer, thus being in fact able to cause the connecting
    computer to execute arbitrary code.

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:peter4020@hotmail.com> Peter
    Winter-Smith.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[NEWS] NetScreen non-IP Protocol Denial of Service (And non-IP Machine Compromise)"

    Relevant Pages

    • Re: Problem about Window Xp SP2 firewall and the buildin FTP command
      ... Problem about Window Xp SP2 firewall and the buildin FTP ... I find a problem that if running multiple FTP command at the same ... Windows XP SP2 to limit Max Connections/sec ...
      (microsoft.public.windowsxp.general)
    • Problem about Window XP SP2 firewall and the buildin FTP command
      ... Problem about Window Xp SP2 firewall and the buildin FTP ... I find a problem that if running multiple FTP command at the same ... Windows XP SP2 to limit Max Connections/sec ...
      (microsoft.public.windowsxp.perform_maintain)
    • Re: Problem about Window Xp SP2 firewall and the buildin FTP command
      ... I copy your example ftp command file to a.txt saved in C:\dell folder. ... I cannot turn off Windows Firewall, since it is controlled by Domain ...
      (microsoft.public.windowsxp.general)
    • Re: FTP Setup in WIndows 2000 help
      ... Thank you for responding Bernard. ... The more I use Win2k Server the more I realize I am no IT guy... ... So FTP is still not working and now I seem to have broken forms on the ... to set up a basic login FTP service on a Windows ...
      (microsoft.public.inetserver.iis.ftp)
    • [NT] Windows XP gethostbyaddr() NULL h_name Pointer
      ... Toronto-based Sunrays Technologies is now Beyond Security's representative in Canada. ... It is possible to crash any application on Windows XP whenever ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)