OSVDB ID: 27486

Title: FileCOPA FTP Multiple Command Directory Argument Overflow

Dates

Disclosure: Jul 25, 2006
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

A remote overflow exists in the FileCOPA FTP server. The product fails to perform correct boundary checks on the directory argument of commands such as 'CWD', 'DELE', 'MDTM', and 'MKD' when processing a client's command, resulting in an integer underflow. With a specially crafted command, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 1.01 (2006-07-18) or higher, as it has been reported to fix this vulnerability. Note that this flaw was fixed in the 2006-07-18 release without a change in version number. An upgrade is required as there are no known workarounds.

Products

InterVations, Inc.

FileCOPA

1.01
1.01 (2005-11-21)
1.01 (2006-02-19)
1.01 (2006-04-06)
1.01 (2006-07-18)
1.01 (2006-07-21)

Credit

  • Carsten Eiram


Direct URL: http://osvdb.org/27486