Pablo Software Solutions Quick 'n Easy FTP Server Logging Buffer Overflow Vulnerability
Info
| Bugtraq ID: | 17681 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 24 2006 12:00AM |
| Updated: | Apr 25 2006 04:46PM |
| Credit: | Iran Homeland Security is credited with the discovery of this vulnerability. |
| Vulnerable: | Pablo Software Solutions Quick And Easy FTP Server 3.0, 1.71, 1.70, 1.64, 1.63, 1.62, 1.61, 1.60 |
| Not Vulnerable: | |
Discussion
Quick 'n Easy FTP Server is prone to a buffer-overflow vulnerability. This issue is due to a failure in the application to do proper bounds checking on user-supplied data before storing it in a finite-sized buffer.
An attacker can exploit this issue to execute arbitrary machine code in the context of the affected server application. This likely occurs with SYSTEM-level privileges.
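The missing bounds check described above, shown as an added C illustration of the bug class and its bounded fix; this is not the vendor's code, which the advisory does not show. The function name `format_log_line`, the 256-byte buffer size and the use of narrow characters are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define LOG_LINE_MAX 256   /* assumed size of the fixed log buffer */

/* Unsafe pattern this bug class comes from (shown only as a comment):
 *     char line[LOG_LINE_MAX];
 *     sprintf(line, "%s %s", verb, arg);    // nothing bounds arg
 */

/* Format "verb arg" into out[outsz] without ever writing past it.
 * Returns 0 if the line fit, 1 if it was truncated, -1 on bad arguments. */
int format_log_line(char *out, size_t outsz, const char *verb, const char *arg)
{
    static const char mark[] = "...[truncated]";
    if (out == NULL || outsz <= sizeof mark || verb == NULL || arg == NULL)
        return -1;

    int need = snprintf(out, outsz, "%s %s", verb, arg);
    if (need < 0) {
        out[0] = '\0';
        return -1;
    }
    if ((size_t)need < outsz)
        return 0;                        /* whole line fit */

    /* Overlong input: snprintf stopped at outsz-1 and NUL-terminated.
     * Overwrite the tail with a marker so the log shows the cut. */
    memcpy(out + outsz - sizeof mark, mark, sizeof mark);
    return 1;
}

int main(void)
{
    char arg[1101];                      /* constructed input: 1100 x 'a' */
    memset(arg, 'a', sizeof arg - 1);
    arg[sizeof arg - 1] = '\0';

    char line[LOG_LINE_MAX];
    int truncated = format_log_line(line, sizeof line, "command", arg);
    printf("truncated=%d len=%zu\n", truncated, strlen(line));
    return 0;
}
```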
Exploit / POC
The following FTP command data is sufficient to demonstrate this vulnerability:
command aaaaa < about 1100 a (0x61) here > aaaa
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
- Quick 'n Easy FTP Server Homepage (Pablo Software Solutions)
- Quick 'n Easy FTP Server pro/lite Logging unicode stack overflow ("Kaveh Razavi")