Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Windows Net Apps :: win5936.htm

CuteFTP buffer overflow



20th Jan 2003 [SBWID-5936]
COMMAND

	CuteFTP buffer overflow

SYSTEMS AFFECTED

	CuteFTP 5.0 XP

PROBLEM

	Lance Fitz-Herbert (aka phrizer) [fitzies@hotmail.com] found :
	
	When a  FTP  Server  is  responding  to  a  "LIST"  (directory  listing)
	command, the response is sent over a data connection. Sending 257  bytes
	over this connection will cause  a  buffer  to  overflow,  and  the  EIP
	register can be overwritten completely by sending 260 bytes of data.

SOLUTION

	Upgrade to new version which should be avalible from Monday  (20th  Jan,
	03).


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH