[NT] Buffer Overflow in EF Commander
From: SecuriTeam (support_at_securiteam.com)
Date: 07/28/03
- Previous message: SecuriTeam: "[UNIX] Remotely Exploitable Overflow In mod_mylo For Apache"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 28 Jul 2003 18:08:15 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
Get Thawte's New Step-by-Step SSL Guide for Apache.
http://ad.doubleclick.net/clk;5903117;8265118;i
- - - - - - - - -
Buffer Overflow in EF Commander
------------------------------------------------------------------------
SUMMARY
<http://www.efsoftware.com/> EF Commander is "a file manager, archiver,
viewer, FTP-client for the Windows 95/98/Me, Windows NT 4.0, Windows 2000
and Windows XP desktop". The FTP program has been found to be vulnerable
to a buffer overflow in the FTP server's responses handling code.
DETAILS
Vulnerable systems:
* EF Commander version 3.54
If a malicious server, sends an overly long FTP welcome banner, such as:
PADDING EBP EIP
220 [508xA][4xB][4xX] // Totaling 516+4 Bytes
(Access violation when executing 0x58585858) // 4xX
It is possible for the malicious FTP to overwrite the EIP of the
connecting computer, thus being in fact able to cause the connecting
computer to execute arbitrary code.
ADDITIONAL INFORMATION
The information has been provided by <mailto:peter4020@hotmail.com> Peter
Winter-Smith.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[UNIX] Remotely Exploitable Overflow In mod_mylo For Apache"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- Re: Problem about Window Xp SP2 firewall and the buildin FTP command
... Problem about Window Xp SP2 firewall and the buildin FTP ... I find a
problem that if running multiple FTP command at the same ... Windows XP SP2 to limit
Max Connections/sec ... (microsoft.public.windowsxp.general) - Problem about Window XP SP2 firewall and the buildin FTP command
... Problem about Window Xp SP2 firewall and the buildin FTP ... I find a
problem that if running multiple FTP command at the same ... Windows XP SP2 to limit
Max Connections/sec ... (microsoft.public.windowsxp.perform_maintain) - Re: Problem about Window Xp SP2 firewall and the buildin FTP command
... I copy your example ftp command file to a.txt saved in C:\dell folder. ... I
cannot turn off Windows Firewall, since it is controlled by Domain ... (microsoft.public.windowsxp.general) - Re: FTP Setup in WIndows 2000 help
... Thank you for responding Bernard. ... The more I use Win2k Server the
more I realize I am no IT guy... ... So FTP is still not working and now I seem to have
broken forms on the ... to set up a basic login FTP service on a Windows ... (microsoft.public.inetserver.iis.ftp) - [NT] Windows XP gethostbyaddr() NULL h_name Pointer
... Toronto-based Sunrays Technologies is now Beyond Security's representative in Canada.
... It is possible to crash any application on Windows XP whenever ... The information
in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall
we be liable for any damages whatsoever including direct, indirect, incidental, consequential,
loss of business profits or special damages. ... (Securiteam)
