Go Back   FlashFXP Forums > > > >

General Discuss anything and everything related to FlashFXP

 
 
Thread Tools Display Modes
Old 05-09-2003, 04:37 PM   #1
bigstar
FlashFXP Developer
FlashFXP Administrator
ioFTPD Beta Tester
 
bigstar's Avatar
 
Join Date: Oct 2001
Posts: 8,012
Default **FIXED in v2.1 FINAL **[Security Issue Bug Report] FlashFXP Multiple Buffer Overflow

THIS HAS BEEN RESOLVED in FLASHFXP v2.1 FINAL

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings, FlashFXP Support Team.

I have found the Security Issue in your software, "FlashFXP 2.0 Build 905".
And I will report it here.

My english may not be good enough.

________________________________________

- ------------------------------------------------------------------
SUMMARY : FlashFXP Multiple Buffer Overflow Vulnerabilities
PRODUCT : FlashFXP
VERSION : 2.0 build 905
SEVERITY : Highest.
Code Execution.
DISCOVERED BY : nesumin <nesumin@softhome.net> [:: Operash ::]
REPORTED DATE : 2003/05/08
- ------------------------------------------------------------------

DESCRIPT:
===========

I have found two buffer overflow vulnerabilities in FlashFXP.

[1] HostName Buffer Overflow Vulnerability
[2] PASV Reply Buffer Overflow Vulnerability

These vulnerabilities are respectively Critical Security-Holes,
and can execute an arbitrary machine code as the privilege of
application process. These would allow the attacker to make
user's computer virus infected or system destructed, etc.


SYSTEMS AFFECTED:
===================

FlashFXP 2.0 build 905

and may be previous versions.


SYSTEMS NOT AFFECTED:
=======================

- ----


EXAMINES:
===========

FlashFXP 2.0 build 905 Windows 98SE JP
FlashFXP 2.0 build 905 Windows 2000 Professional SP3 JP


DETAILS:
===========

[1] HostName Buffer Overflow Vulnerability

Buffer overflow occurs in dealing with a HostName.
It occurs by copying the URL that has long HostName
if "ClipBoard Monitor" is enabled.
Over 0x90 bytes.

Example:
ftp://AAAAAAAAAAAAAA ... over 0x90 bytes ... /


This vulnerability can overwrite SEH records on the stack,
and can execute an arbitrary code by exploiting it.


------------------------------------------------------------------

[2] PASV Reply Buffer Overflow Vulnerability

Buffer overflow occurs in parsing PASV Reply from FTP Server.
It occurs by a long address data, over 0x90 bytes.

Example:
227 (AAAAAAAAAAAAAA ... over 0x90 bytes ... ,1,1,1,1,1)


This vulnerability can overwrite SEH records on the stack,
and can execute an arbitrary code by exploiting it.


___________________________________________

[End of Report]


I strongly recommend that you should fix these issue immediately
and announce correctly the information to users, then urge them
update the software.

And I am going to publish these issue's information to the Mailing List
"Bugtraq@securityfocus.com" and WEB Site etc after 2 weeks.


Best Regards,
nesumin <nesumin@softhome.net> [:: Operash ::]



-----BEGIN PGP SIGNATURE-----
Version: PGPB2 version 0.01.6 (beta 13)

iQA/AwUBPrlgx720j06h6p3lEQIORgCgmFNsjHE9h5mlt21rVPFLer NGRlsAoLKR
kMbXfHRDphiKZ7ewO4++LfUC
=C6rl
-----END PGP SIGNATURE-----
bigstar is offline  
 

Tags
905, buffer, flashfxp, overflow, vulnerability

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 10:49 PM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)