FTP Desktop client多个基于堆的缓冲区溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1107478 漏洞类型 缓冲区溢出
发布时间 2003-09-08 更新时间 2003-09-17
CVE编号 CVE-2003-0766 CNNVD-ID CNNVD-200309-020
漏洞平台 Windows CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/23118
https://www.securityfocus.com/bid/82714
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200309-020
|漏洞详情
FTPDesktopclient3.5及其可能早期的版本存在多个基于堆的缓冲区溢出漏洞。远程恶意服务器借助(1)超长FTPbanner,(2)USER命令的超长响应,或者(3)PASS命令的超长响应执行任意代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/8560/info

A buffer overflow vulnerability has been reported in FTP Desktop. The vulnerability occurs when FTP Desktop is parsing 331 server responses from remote FTP servers. When FTP Desktop receives an FTP 331 response exceeding a certain length, it will trigger the overflow condition. This could allow for execution of malicious code in the context of the affected FTP client.

Username:
---------
(FTP Desktop Sends 'USER username')
PADDING EBP EIP
331 [229xA][4xB][4xX]
(Access violation when executing 0x58585858) // 4xX

Password:
---------
(FTP Desktop Sends 'PASS password')
PADDING EBP EIP
331 [229xA][4xB][4xX]
(Access violation when executing 0x58585858) // 4xX
|受影响的产品
FTP Desktop FTP Desktop 3.5
|参考资料

来源:BUGTRAQ
名称:20030908MultipleHeapOverflowsinFTPDesktop
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=106305502230604&w=2