[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Remote buffer overflow in GlobalScape Secure FTP server 3.0.2
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] Remote buffer overflow in GlobalScape Secure FTP server 3.0.2
- From: "muts" <muts@xxxxxxxxxxxxxx>
- Date: Mon, 2 May 2005 02:41:36 +0200
See Security, Research and Development
------------------------------------------------------
[-] Product Information
GlobalScape Secure FTP Server is a flexible, reliable, and cost-effective
File Transfer Protocol (FTP) Server. Secure FTP Server is used to exchange
data securely using the most up-to-date security protocols available and
employs a rich set of automation tools, providing a comprehensive data
management solution.
[-] Vulnerability Description
A buffer overflow was discovered in GlobalScape Secure FTP Server
3.0.2 which allows remote code execution by sending a malformed FTP
request.
[-] Analysis
When sending a malformed FTP request in the format [3000 Bytes]\r\n we will
be able to overwrite the instruction pointer (and SEH) with an arbitrary
address.
[-] Vendor Notification
The vendor has been notified, and a fix is available.
[-] Exploit
Developed by Mati Aharoni
http://www.hackingdefined.com/exploits/globalscape_ftp_30_EIP.py
http://www.hackingdefined.com/exploits/globalscape_ftp_30_SEH.py
http://www.hackingdefined.com/exploits/globalscape_ftp_30.pm
http://www.hackingdefined.com/exploits/Globalscape30.pdf
[-] Credits
The vulnerability was discovered by Mati Aharoni.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/