Crystal FTP Pro Client Buffer Overflow

2004-12-21T00:00:00
ID SECURITYVULNS:DOC:7396
Type securityvulns
Reporter Securityvulns
Modified 2004-12-21T00:00:00

Description

Package: Crystal FTP Pro Auth: http://www.casdk.com/ Version: 2.8 (current release) and below Vulnerability Type: Arbitrary Command Execution

Crystal FTP Pro Description (from the Developer):

Crystal FTP Pro is a Top awarded FTP client for dummies and experts. The state of the art user-interface used in Crystal FTP Pro makes it possible for first time FTP users to be productive and transfer files over the Internet within minutes, and yet it satisfies FTP veterans with its highly configurable layout and easy access to advanced FTP tools. With the flexible Crystal FTP Pro, you can accomplish all FTP jobs with success. No matter if its publishing a web page, downloading demos, software, MP3 files and images or transferring high volume files over an unstable connection. Crystal FTP Pro does it all.

Vulnerability Description:

Crystal FTP Pro client, does not perform bound checking on the results returned by 'LIST' command. A malicious ftp server, could execute arbitrary code on the target user's client, replies to a 'LIST' command request with a file list that contain a long file extension.

Example:

le.AAAAAAAAAAAA...(over 250 characters)

The code will be executed with the privileges of the user running the ftp client.

Credits:

-- Luca Ercoli <luca.ercoli [at] inwind.it>