List: bugtraq
Subject: CuteFTP 6.0 Professional Remote Buffer Overflow Vulnerability
From: Hongzhen Zhou <felix__zhou () hotmail ! com>
Date: 2004-11-30 2:22:45
Message-ID: <20041130022245.26354.qmail () www ! securityfocus ! com>
[Download message RAW]
Author:
Hongzhen Zhou(Fort.net, Inc) <felix__zhou _at_ hotmail _dot_ com>
DATE:
24/11/2004
PRODUCTS:
CuteFTP Professional - FTP client for Windows.
AFFECTED VERSION:
Versions verified to be vulnerable:
CuteFTP Professional 6.0 (latest verson)
Other versions are not tested.
DETAILS:
When CuteFTP Professional process replies to many commands from a
malicious FTP server, if the reply code is big than 500(4xx works
sometimes) and the length of text following is big than 65530, the
Cute FTP Professional will crash. Only some command's replies are not
affected(like USER, PASS). It becomes even worse when the CuteFTP
connects to server to wait for the welcome message reply, the malicious
server could send such a reply to crash it.
We are not sure if this bug could be exploited to let the attacker
execute arbitrary code remotely.
文章来源于领测软件测试网 https://www.ltesting.net/
版权所有(C) 2003-2010 TestAge(领测软件测试网)|领测国际科技(北京)有限公司|软件测试工程师培训网 All Rights Reserved
北京市海淀区中关村南大街9号北京理工科技大厦1402室 京ICP备10010545号-5
技术支持和业务联系:info@testage.com.cn 电话:010-51297073