Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Remote buffer overflow in GlobalScape Secure FTP server 3.0.2
From: "muts" <muts () whitehat co il>
Date: Mon, 2 May 2005 02:41:36 +0200

See Security, Research and Development

[-] Product Information
GlobalScape Secure FTP Server is a flexible, reliable, and cost-effective
File Transfer Protocol (FTP) Server. Secure FTP Server is used to exchange
data securely using the most up-to-date security protocols available and
employs a rich set of automation tools, providing a comprehensive data
management solution.
[-] Vulnerability Description
A buffer overflow was discovered in GlobalScape Secure FTP Server
3.0.2 which allows remote code execution by sending a malformed FTP 

[-] Analysis
When sending a malformed FTP request in the format [3000 Bytes]\r\n we will
be able to overwrite the instruction pointer (and SEH) with an arbitrary
[-] Vendor Notification
The vendor has been notified, and a fix is available.
[-] Exploit
Developed by Mati Aharoni

[-] Credits
The vulnerability was discovered by Mati Aharoni.

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Remote buffer overflow in GlobalScape Secure FTP server 3.0.2 muts (May 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]