GlobalSCAPE Secure FTP Server Remote Buffer Overflow Vulnerability
BID:13454
Info
GlobalSCAPE Secure FTP Server Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 13454 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2005-1415 |
| Remote: | Yes |
| Local: | No |
| Published: | May 02 2005 12:00AM |
| Updated: | Nov 26 2009 09:45PM |
| Credit: | "muts" <[email protected]> disclosed this vulnerability. |
| Vulnerable: |
KMiNT21 Software Golden FTP Server 2.0 2b KMiNT21 Software Golden FTP Server 1.31 b KMiNT21 Software Golden FTP Server 1.30 b KMiNT21 Software Golden FTP Server 1.20 b KMiNT21 Software Golden FTP Server 1.0 0b globalSCAPE Secure FTP Server 3.0.2 Build 04.12.2005.1 globalSCAPE Secure FTP Server 3.0 |
| Not Vulnerable: |
KMiNT21 Software Golden FTP Server 2.0 5b |
Discussion
GlobalSCAPE Secure FTP Server Remote Buffer Overflow Vulnerability
GlobalSCAPE Secure FTP Server is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the vulnerable server.
GlobalSCAPE Secure FTP Server is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the vulnerable server.
Exploit / POC
GlobalSCAPE Secure FTP Server Remote Buffer Overflow Vulnerability
Proof-of-concept exploits have been provided by <[email protected]>.
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
A Metasploit exploit module is available.
Proof-of-concept exploits have been provided by <[email protected]>.
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
A Metasploit exploit module is available.
- /data/vulnerabilities/exploits/globalscape_ftp_30_SEH.py
- /data/vulnerabilities/exploits/globalscapeftp_user_input.pm
- /data/vulnerabilities/exploits/13454.rb
- /data/vulnerabilities/exploits/goldenftpserver.pl
- /data/vulnerabilities/exploits/globalscape_ftp_30_EIP.py
- /data/vulnerabilities/exploits/globalscape_ftp_30.pm
Solution / Fix
GlobalSCAPE Secure FTP Server Remote Buffer Overflow Vulnerability
Solution:
This issue is addressed in Secure FTP Server 3.0.3.
globalSCAPE Secure FTP Server 3.0
globalSCAPE Secure FTP Server 3.0.2 Build 04.12.2005.1
Solution:
This issue is addressed in Secure FTP Server 3.0.3.
globalSCAPE Secure FTP Server 3.0
-
globalSCAPE Secure FTP Server Latest Version Download
ftp://ftp.globalscape.com/pub/gsftps/gsftps.exe
globalSCAPE Secure FTP Server 3.0.2 Build 04.12.2005.1
-
globalSCAPE Secure FTP Server Latest Version Download
ftp://ftp.globalscape.com/pub/gsftps/gsftps.exe
References
GlobalSCAPE Secure FTP Server Remote Buffer Overflow Vulnerability
References:
References:
- Golden FTP Server Home Page (KMiNT21 Software)
- Secure FTP Server Version History (globalSCAPE)
- Vendor Homepage (GlobalSCAPE)