GlobalSCAPE Secure FTP Server SITE Command Remote Buffer Overflow Vulnerability
BID:9904
Info
GlobalSCAPE Secure FTP Server SITE Command Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 9904 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 17 2004 12:00AM |
| Updated: | Mar 17 2004 12:00AM |
| Credit: | Discovery is credited to STORM <storm at securiteam.com>. |
| Vulnerable: |
globalSCAPE Secure FTP Server 2.0 Build 03.11.2004.2 |
| Not Vulnerable: |
globalSCAPE Secure FTP Server 2.0 Build 03.16.2004.1 |
Discussion
GlobalSCAPE Secure FTP Server SITE Command Remote Buffer Overflow Vulnerability
It has been reported that Secure FTP Server may be prone to a remote buffer overflow vulnerability that may allow attackers to execute arbitrary code on a vulnerable system in order to gain unauthorized access. An attacker may cause the buffer overflow condition to occur by sending about 252 bytes of data via a parameter of the SITE Command. Immediate consequences of an attack may result in a denial of service condition. The possibility of remote code execution has not been confirmed at the moment.
Secure FTP Server version 2.0 Build 03.11.2004.2 has been reported to prone to this issue.
It has been reported that Secure FTP Server may be prone to a remote buffer overflow vulnerability that may allow attackers to execute arbitrary code on a vulnerable system in order to gain unauthorized access. An attacker may cause the buffer overflow condition to occur by sending about 252 bytes of data via a parameter of the SITE Command. Immediate consequences of an attack may result in a denial of service condition. The possibility of remote code execution has not been confirmed at the moment.
Secure FTP Server version 2.0 Build 03.11.2004.2 has been reported to prone to this issue.
Exploit / POC
GlobalSCAPE Secure FTP Server SITE Command Remote Buffer Overflow Vulnerability
The following proof of concept has been provided:
The following proof of concept has been provided:
Solution / Fix
GlobalSCAPE Secure FTP Server SITE Command Remote Buffer Overflow Vulnerability
Solution:
The vendor has released Secure FTP Server version 2.0 Build 03.16.2004.1 to address this issue. Users are advised to contact the vendor in order to obtain the fixed version.
Solution:
The vendor has released Secure FTP Server version 2.0 Build 03.16.2004.1 to address this issue. Users are advised to contact the vendor in order to obtain the fixed version.
References
GlobalSCAPE Secure FTP Server SITE Command Remote Buffer Overflow Vulnerability
References:
References: