Aggiefamily.com > > News > > SmartFTP problem

User Info Small

Welcome Anonymous

Membership:

Latest: ryankmoon

New Today: 0

New Yesterday: 0

Overall: 75

People Online:

Members: 0

Visitors: 1

Bots: 0

Staff: 0

Staff Online:

No staff members are online!

1800Flowers.com

Spread Firefox

Thunderbird

Google Pack

Old Articles

Monday, November 10
•	Kuwait (0)
Sunday, September 21
•	Approaching the halfway mark (0)
Monday, September 01
•	My mailing address at Fort Stewart (0)
Sunday, August 31
•	Fort Stewart, Georgia (0)
Wednesday, July 09
•	San Antonio Trip (0)
Sunday, June 29
•	Cancun Pictures Uploaded (1)
Sunday, June 29
•	Finished with Fort Polk (0)
Tuesday, May 27
•	Boy, have I been neglecting this site or what? (1)
Sunday, April 20
•	Site Upgrade (0)
Sunday, April 06
•	Deploying to Iraq, again. (0)
Tuesday, July 17
•	My Texas Cavalry Medal is here (0)
Wednesday, June 13
•	Database Error (0)
Monday, June 11
•	Latest ActionGear.com promotions (0)
Sunday, May 13
•	Unreleased song from Granger Smith - We Bleed Maroon (0)
Sunday, February 11
•	AggieBaby's First Haircut (0)
Saturday, February 03
•	My Dancing Baby (1)
Tuesday, January 16
•	New pics (0)
Monday, December 04
•	Homecoming (0)
Sunday, November 26
•	Mike's return (0)
Tuesday, October 31
•	Happy Birthday Kyle! (0)
Monday, October 02
•	Hello from the sandbox (0)
Tuesday, July 11
•	An Update from Mike (0)
Saturday, June 10
•	Ryan's Rant (0)
Friday, April 21
•	Look what the storm blew in (0)
Tuesday, April 04
•	Finally, some new photos uploaded (0)
Saturday, April 01
•	Greetings from Operation This Place Sucks (0)
Friday, March 31
•	The Middle Wife (0)
Wednesday, February 01
•	Finally, some pics from Mike (0)
Monday, January 23
•	Out of Contact (0)
Thursday, December 29
•	Mike is in Iraq (0)

Older Articles

News > > SmartFTP problem

Adsense

Google Search

Multiple Graphical FTP Client Buffer Overflows

Affected Products (versions prior to those listed below may also be vulnerable):

FlashFXP 2.0 build 905

SmartFTP 1.0.973

LeapFTP 2.7.3.600

FTP Voyager 10.0.0.0

Description:

Multiple third-party graphical FTP clients contain various buffer overflows that allow a malicious FTP server to execute arbitrary code on the client system. The list below describes the type of server data that triggers the overflow for each affected client application, and indicates whether the overflow is stack-based or heap-based.

(1) FlashFXP 2.0 build 905

- Server response to a client's PASV command (stack)

- Overlong hostname provided by server (stack)

(2) SmartFTP 1.0.973

- Server response to a client's PWD command (stack)

- Server response to a client's LIST command (heap)

(3) LeapFTP 2.7.3.600

- Server response to a client's PASV command (stack)

(4) FTP Voyager 10.0.0.0

- Server response to a client's LIST command (stack)

Risk: Remote compromise of an FTP client system by a malicious FTP server. Successful attackers gain the privileges of the user running the client program.

Deployment: Significant.

According to CNet/Download.com on 6/12/03, the affected client software has been collectively downloaded more than 7 million times.

FlashFXP: 619,289 downloads

SmartFTP: 2,361,990 downloads

LeapFTP: 262,167 downloads

FTP Voyager: 4,519,874 downloads

Ease of Exploitation: Straightforward.

Most overflows are stack-based, and sufficient details are available for an attacker to begin crafting exploit code.

Status: In all cases the advisories indicate that the vendor has released fixed versions of the affected software.

Posted by watts on Monday, June 16, 2003 (07:55:59) (191 reads) [ Administration ]

"SmartFTP problem" | Login/Create an Account | 0 comments

The comments are owned by the poster. We aren't responsible for their content.