Intervations FileCopa User Command Remote Buffer Overflow Vulnerability
BID:17881
Info
| Bugtraq ID: | 17881 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 08 2006 12:00AM |
| Updated: | May 09 2006 01:54AM |
| Credit: | Bigeazer is credited with the discovery of this vulnerability. |
| Vulnerable: | Intervations FileCopa FTP Server 1.01.-2006-02-19; Intervations FileCopa FTP Server 1.01.-2005-11-21; Intervations FileCopa FTP Server 1.01 |
| Not Vulnerable: | |
Discussion
FileCopa is prone to a buffer-overflow vulnerability when handling data through the USER command.
Reportedly, passing excessive data may overflow a finite-sized internal memory buffer. A successful attack may result in memory corruption as memory adjacent to the buffer is overwritten with user-supplied data.
This issue may lead to a denial-of-service condition or the execution of arbitrary code.
Exploit / POC
The following proof of concept resulting in a denial-of-service condition is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
References:
- FileCopa Homepage (Intervations)
- FILECOPA V1.01 and Below Pre-Authentication Remote Overflow (Black Security)