SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (File Transfer/Sharing)  >  Hyperion FTP Server Vendors:  Mollensoft Software
Hyperion FTP Server Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
SecurityTracker Alert ID:  1005849
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Dec 23 2002
Impact:  Execution of arbitrary code via network, User access via network
Version(s): 2.8.11
Description:  Securma Massine reported a buffer overflow vulnerability in Mollensoft's Hyperion FTP Server. A remote authenticated user, including an anonymous user, can execute arbitrary code on the system.

According to the report, a remote authenticated user can issue a DIR command followed by a 300 byte string to trigger a buffer overflow in ftpservx.dll. The EIP register can be modified to point to the beginning of the user-supplied string, allowing arbitrary code to be executed by the remote user.
Impact:  A remote authenticated user (including an anonymous user) can execute arbitrary code on the system.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.mollensoft.com/product2.htm (Links to External Site)
Cause:  Boundary error
Underlying OS:  Windows (Any)
Reported By:  securma massine <securma@caramail.com>
Message History:   None.

 Source Message Contents
Date:  Mon, 23 Dec 2002 14:34:44 GMT+1
From:  securma massine <securma@caramail.com>
Subject:  Hyperion FTP Server buffer overflow

 

--=_NextPart_Caramail_0084201040650484_ID
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

hi

Hyperion FTP Server (http://www.mollensoft.com/ )is a 
powerful, reliable FTP server for Windows 95/98/NT/2000, 
and supports all basic FTP commands, and much more, such as 
passive mode. 
A vulnerability exists in Hyperion Ftp Server (version 
2.8.11)which allows a remote 
user to execute an arbitrary code ,it is a similar 
vulnerability of Enceladus Server Suite 
I believe that the problem reside in the use of Marby 
Socket Window and
 ftpservx.dll 
who does not support dir+(buffer=3D300 byte)
Access violation - code c0000005 (first chance)
eax=3D0012bcbc ebx=3D0012c574 ecx=3D42424242 edx=3D7846f5b5 
esi=3D0012bce4 edi=3D00147ffd
eip=3D42424242 esp=3D0012bc24 ebp=3D0012bc44 iopl=3D0 nv up 
ei pl zr na po nc
cs=3D001b ss=3D0023 ds=3D0023 es=3D0023 fs=3D003b 
gs=3D0000 efl=3D00000246
42424242 ?? ???


made that eip point towards the beginning of our buffer 
makes me think a news methode to backdooring...
it is also noticed that the pass is without encoding 
a:/users/"login "

securma massine
french translation :
http://www.itmaroc.com/modules.php?
name=3DNews&file=3Darticle&sid=3D277
_________________________________________________________ 
Gagne une PS2 ! Envoie un SMS avec le code PS au 61166
(0,35€ Hors co=FBt du SMS)


--=_NextPart_Caramail_0084201040650484_ID--


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC