Date: 1 Aug 2004 15:20:52 +0200
From: SecuriTeam <[email protected]>
To: [email protected]Subject: [NT] BlackJumboDog FTP Server Buffer Overflow
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
BlackJumboDog FTP Server Buffer Overflow
------------------------------------------------------------------------
SUMMARY
SapporoWorks BlackJumboDog is an integrated open-source proxy server, web
server and FTP server developed by SapporoWorks for Microsoft Windows
platforms.
BlackJumboDog version 3.6.1 is vulnerable to a buffer overflow in its FTP
server.
DETAILS
Vulnerable Systems:
* BlackJumboDog version 3.6.1
Immune Systems:
* BlackJumboDog version 3.6.2
Impact:
By sending a specially crafted FTP request containing a long parameter
string in the USER, PASS, RETR, CWD, XMKD, XRMD or various other commands,
a remote attacker could cause a stack overflow and execute arbitrary code.
Technical Details:
This vulnerability is caused by an unsafe strcpy() that copies the entire
parameter of the user's FTP command to a stack buffer of 256 bytes. For
example, suppose that the user's FTP client issues the following command.
USER xxxxxxxxxxxx
The command parameter "xxxxxxxxxxxx" will be copied to a 256 bytes buffer
using strcpy(). Hence, by crafting an FTP command with an overly long
parameter, a remote attacker could trigger a stack overflow and execute
arbitrary code. The attacker do not need to have a valid account on the
FTP server since the overflow can be triggered prior to authentication
using the USER command.
Vendor Status:
The author has fixed the bug in version 3.6.2. Users are advised to
upgrade to the fixed version.
ADDITIONAL INFORMATION
The information has been provided by <mailto:[email protected]>
Chew Keong TAN.
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: [email protected]
In order to subscribe to the mailing list, simply forward this email to: [email protected]
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
