OSVDB ID: 16049

Title: GlobalSCAPE Secure FTP Server (gsftps) Command Parsing Remote Overflow

Info

Disclosure

May 01, 2005

Discovery

Unknown

Dates

Exploit

May 01, 2005

Solution

Unknown

Description

A remote overflow exists in GlobalSCAPE Secure FTP Server. The Secure FTP Server fails to perform adequate bounds checking of user-supplied input resulting in a buffer overflow. With a specially crafted request in the format "[3000 Bytes] \r\n" , an attacker can overwrite the EIP and SEH registers and execute arbitrary code on the system, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version 3.0.3 Build 4.29.2005 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

GlobalSCAPE

Secure FTP Server

3.0.2

References

Security Tracker: 1013854
Bugtraq ID: 13454
Secunia Advisory ID: 15192
Metasploit ID: 16049
CVE ID: 2005-1415 (see also: NVD)
ISS X-Force ID: 20361
Milw0rm: 975
Exploit Database: 975
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0674.html
Vendor Specific News/Changelog Entry: http://www.cuteftp.com/gsftps/history.asp
http://www.globalscape.com/gsftps/history.aspx
Other Advisory URL: http://www.hackingdefined.com/exploits/Globalscape30.pdf
Generic Exploit URL: http://www.securiteam.com/windowsntfocus/5KP020KFPS.html

Credit

Mati Aharoni - mutswhitehat.co.il -

Direct URL: http://osvdb.org/16049