 |
filecopa-exploit.txt - advisories - Security advisories that I have released to… |
 |
git clone git://jay.scot/advisories |
 |
Log |
|
Files |
|
Refs |
|
README |
|
--- |
|
filecopa-exploit.txt (1184B) |
|
--- |
|
1 FileCOPA FTP Server |
|
2 |
|
3 |
|
4 |
|
5 SUMMARY |
|
6 -------- |
|
7 |
|
8 FileCOPA takes the hard work out of running an FTP Server. The FileCOPA |
|
9 FTP Server Software installs on any version of the Microsoft Windows |
|
10 operating system with just a few clicks of the mouse and automatically |
|
11 configures itself for anonymous operation. |
|
12 |
|
13 |
|
14 |
|
15 IMPACT |
|
16 ------- |
|
17 |
|
18 Can lead to Denial of Service Attack and remote system access. |
|
19 |
|
20 |
|
21 |
|
22 VERSIONS |
|
23 --------- |
|
24 |
|
25 Vulnerable systems: |
|
26 * Unknown version number. |
|
27 * Version released 10/11/2005 |
|
28 |
|
29 Immune systems: |
|
30 * Version released after 28/11/2005 |
|
31 |
|
32 |
|
33 |
|
34 DESCRIPTION |
|
35 ------------ |
|
36 |
|
37 FileCOPA fails to check the CWD buffer the length of the input in |
|
38 the CMD FTP command. If you pass 1036 characters to CWD it will crash |
|
39 the FTP server allowing no more connections to the service. |
|
40 |
|
41 |
|
42 Proof of Concept: |
|
43 |
|
44 POC C code for a DOS attack and remote access exploit was given |
|
45 to the vendor. The POC is not for public release. |
|
46 |
|
47 |
|
48 Fix: |
|
49 |
|
50 Upgrade to latest version. |
|
51 |
|
52 |
|
53 |
|
54 |
|
55 ADDITIONAL INFORMATION |
|
56 ----------------------- |
|
57 |
|
58 Vendor URL - http://www.filecopa.com/ |
|
59 Underlying OS - Windows (Any) |
|
60 Credit - Jay Scott |
|
61 |
|
62 History - 18/11/05 - Vendor Contacted |
|
63 - 19/11/05 - Vendor Acknowledged |
|
64 - 21/11/05 - New version released |
|
65 |
