A buffer overflow vulnerability was found in Golden FTP Server version 2.52, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the log parsing functionality: when entries in the "gftppro.log" file are handled, an overly long argument passed to the "USER" FTP command can cause a stack-based buffer overflow. An example of such a buffer overflow attack is shown below:
char userreq[] =
"USER "
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
Successful exploitation could allow attackers to execute arbitrary code.
Golden FTP Server Pro version 2.52 (10.04.2005) and prior are known affected products.
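The boundary check whose absence the advisory describes, as an added example that is not Golden FTP Server's code: the "USER" argument is measured before it is copied into a fixed-size buffer, and an overlong argument is rejected rather than copied. The function name, return codes and the 64-byte limit (USER_MAX) are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define USER_MAX 64  /* assumed buffer size for this example, not a product value */
enum { USER_OK, USER_NOT_USER, USER_EMPTY, USER_TOO_LONG };

/* Copy the argument of a "USER <name>" line into out[out_size].
 * The length is checked before any byte of the argument is written,
 * so an overlong argument can never run past the end of out. */
int parse_user_arg(const char *line, char *out, size_t out_size)
{
    static const char verb[] = "USER";
    size_t i, len;

    if (!line || !out || out_size == 0)
        return USER_NOT_USER;
    out[0] = '\0';
    /* FTP verbs are case-insensitive; require "USER" followed by a space. */
    for (i = 0; i < sizeof verb - 1; i++)
        if (toupper((unsigned char)line[i]) != verb[i])
            return USER_NOT_USER;
    if (line[i] != ' ')
        return USER_NOT_USER;
    while (line[i] == ' ')
        i++;
    /* The argument ends at CR, LF or the end of the string. */
    len = strcspn(line + i, "\r\n");
    if (len == 0)
        return USER_EMPTY;
    if (len >= out_size)            /* need len bytes plus the terminator */
        return USER_TOO_LONG;
    memcpy(out, line + i, len);
    out[len] = '\0';
    return USER_OK;
}

int main(void)
{
    char name[USER_MAX], line[512] = "USER ";   /* rest of line[] is zeroed */

    memset(line + 5, 'A', 300);     /* constructed overlong argument */
    printf("%d\n", parse_user_arg("USER alice\r\n", name, sizeof name));
    printf("%d\n", parse_user_arg(line, name, sizeof name));
    return 0;
}
```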
BroadWeb Security Service Team (BSST) has released countermeasure signatures in signature version 2.89, which include:
# 1051915_EXPLOIT Golden FTP Server Pro Remote "USER" Command Overflow
NetKeeper users are urged to upgrade their signature patterns to version 2.89 or later in order to thwart these attacks.
(BSST, Broadweb Security Service Team)