Reported June 09, 2003, by ::Operash::.

 

 

VERSIONS AFFECTED

 

  • SmartFTP FTP Client for Windows version 1.0.973

 

DESCRIPTION

 

<span style="font-family:Verdana">Two buffer-overflow vulnerabilities in SmartFTP FTP Client for Windows can result in the execution of arbitrary code on the vulnerable computer. These two vulnerabilities consist of the following:</h3> <span style="font-family:Verdana"> </h3> <span style="font-family: Symbol">·<span style='font:7.0pt "Times New Roman"'>         </h3></h3><span style="font-family:Verdana">If a server responds to a PWD command request with a reply to that contains a long address, a buffer overflow occurs on the stack area. </h3> <span style="font-family: Symbol">·<span style='font:7.0pt "Times New Roman"'>         </h3></h3><span style="font-family:Verdana">If a server returns a File List that contains a long string, the buffer overrun occurs on the heap area. </h3> <span style="font-family:Verdana"> </h3>

VENDOR RESPONSE

 

<span style="font-family:Verdana"><a href="http://www.smartftp.com/" style="color: blue; text-decoration: underline; text-underline: single">SmartFTP</a> has released <a href="http://www.smartftp.com/download/" style="color: blue; text-decoration: underline; text-underline: single">version 1.0.976</a>, which doesn't contain these vulnerabilities.</h3>

 

CREDIT                                                                                                       
Discovered by :: Operash ::.