|
Mabry Software FTPServer/X Response Buffer Overflow Vulnerability
|
|
Secunia Advisory:
|
SA9127
|
|
|
Release Date:
|
2003-06-26
|
|
Popularity:
|
7,131 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | FTPServer/X 1.x
Hyperion FTP Server 2.x
Mollensoft FTP Server 3.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
Secunia has identified a vulnerability in Mabry Software's FTPServer/X component, which can be exploited by malicious people to cause a DoS (Denial of Service) on a vulnerable FTP server or potentially compromise it.
The vulnerability is caused due to a boundary error, when the FTP Server returns responses, which include user input. This can be exploited by sending an overly long, specially crafted request, which causes the FTP server to return a reply that triggers a buffer overflow.
Successful exploitation will crash the FTP server requiring a manual restart, before functionality is restored. However, it may potentially also be possible to exploit the vulnerability to execute arbitrary code on a vulnerable system with the privileges of the FTP server.
Example:
telnet [victim] 21
USER AAAA...[995-1017]...AAAA
The FTP Server will crash when the "331 Password required for %s" response is returned.
The following versions have been confirmed vulnerable, but prior versions may also be affected:
FTPServer/X v1.00.045 and v1.00.046.
These have been identified in the following products:
- Simple FTPServer Example (included with affected FTPServer/X components)
- Mollensoft FTP Server 3.5.2 (formerly known as Hyperion)
- Hyperion FTP Server 3.0.0 (updated version downloaded 10/04/2003)
NOTE: Any FTP server using FTPServer/X may be vulnerable.
Solution:
Mabry Software has fixed the vulnerability in FTPServer/X version 1.00.047:
http://www.mabry.com/ftpserv/index.htm
Mollensoft has issued Mollensoft FTP Server version 3.5.3, which uses the latest version of FTPServer/X:
http://www.mollensoft.com/products.htm
If your FTP server uses the FTPServer/X component (look for "FTPServX.dll" / "FTPServX.ocx"), check to see if an updated version of the product has been made available.
Provided and/or discovered by:
Carsten H. Eiram, Secunia Research.
Original Advisory:
For more information:
http://secunia.com/secunia_research/2003-3/
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
2nd Dec, 2008
|
New advisories:
|
14 |
|
New vulnerabilities:
|
21 |
|
Updated advisories:
|
26 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Solutions | More...
|
|
