Full Disclosure mailing list archives

Remote buffer overflow in GlobalScape Secure FTP server 3.0.2

From: "muts" <muts () whitehat co il>
Date: Mon, 2 May 2005 02:41:36 +0200

See Security, Research and Development
------------------------------------------------------

[-] Product Information
 
GlobalScape Secure FTP Server is a flexible, reliable, and cost-effective
File Transfer Protocol (FTP) Server. Secure FTP Server is used to exchange
data securely using the most up-to-date security protocols available and
employs a rich set of automation tools, providing a comprehensive data
management solution.
 
[-] Vulnerability Description
 
A buffer overflow was discovered in GlobalScape Secure FTP Server
3.0.2 which allows remote code execution by sending a malformed FTP 
request.

[-] Analysis
 
When sending a malformed FTP request in the format [3000 Bytes]\r\n we will
be able to overwrite the instruction pointer (and SEH) with an arbitrary
address.
 
[-] Vendor Notification
 
The vendor has been notified, and a fix is available.
 
[-] Exploit
 
Developed by Mati Aharoni
 
http://www.hackingdefined.com/exploits/globalscape_ftp_30_EIP.py
http://www.hackingdefined.com/exploits/globalscape_ftp_30_SEH.py
http://www.hackingdefined.com/exploits/globalscape_ftp_30.pm
http://www.hackingdefined.com/exploits/Globalscape30.pdf

[-] Credits
 
The vulnerability was discovered by Mati Aharoni.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Remote buffer overflow in GlobalScape Secure FTP server 3.0.2 muts (May 01)