SecurityTracker: (Vendor Issues Fix) WFTPD LIST, NLST, and STAT Command Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (File Transfer/Sharing) > WFTPD Pro

Vendors: Texas Imperial Software

(Vendor Issues Fix) WFTPD LIST, NLST, and STAT Command Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code

SecurityTracker Alert ID: 1009300

SecurityTracker URL: http://securitytracker.com/id/1009300

CVE Reference: CAN-2004-0340 (Links to External Site)

Updated: Mar 23 2004

Original Entry Date: Mar 3 2004

Impact: Execution of arbitrary code via network, Root access via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): Pro 3.21 Release 1, Pro 3.20 Release 2, 3.21 Release 1, 3.10 Release 1

Description: A buffer overflow vulnerability was reported in WFTPD. A remote authenticated user can execute arbitrary code on the target system.

axl reported that a remote authenticated user can send a specially crafted LIST, NLST, or STAT command to execute arbitrary code. On WFTPD, the code will run with the privileges of the WFTPD process. On WFTPD Pro, the code will reportedly run with SYSTEM privileges.

If the first character of the first argument is '-' and there is a subsequent space character, the flaw can reportedly be exploited. Characters between the first '-' character and the first space charcter are copied to a 32 byte variable, the report said.

Some demonstration exploit code is provided in the Source Message [it is a Base64-encoded zip archive].

Impact: A remote authenticated user can execute arbitrary code, potentially with SYSTEM level privileges.

Solution: The vendor has issued a fixed version (3.21 R2), available at:

http://www.wftpd.com/downloads.htm

Vendor URL: www.wftpd.com/What's%20New.html#321R2Reg (Links to External Site)

Cause: Boundary error

Underlying OS: Windows (Any)

Message History: This archive entry is a follow-up to the message listed below.

WFTPD LIST, NLST, and STAT Command Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code

Source Message Contents

Date: Wed, 03 Mar 2004 01:40:11 -0500
Subject: http://www.wftpd.com/What's%20New.html#321R2Reg


http://www.wftpd.com/What's%20New.html#321R2Reg

 > Current version number: 3.21 R2

 > This is a bug-fix release, fixing a remotely exploitable buffer overflow problem,
 > as well as a memory starvation problem that could lead to a denial-of-service attack.

http://www.wftpd.com/downloads.htm

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC