SpoonFTP Vulnerabilities
Created 6/18/01
CAN-2001-0781
Impact
An attacker could execute arbitrary code on the server
or crash the FTP service.
Background
The File Transfer Protocol (FTP) allows a client to store
or retrieve files on a server. SpoonFTP
is an FTP server for Windows.
The Problems
Due to insufficient boundary checking on the LIST
and CWD commands, it is possible for an
attacker to overflow a buffer by sending a large amount of
data with one of these commands. By overflowing the
buffer, the attacker can crash the FTP server or
overwrite control data on the stack, redirecting program
flow to arbitrary code.
SpoonFTP 1.0.0.12 and earlier are affected by this vulnerability.
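The boundary check this class of flaw lacks, shown as an added example (this is not SpoonFTP's code, which does not appear on this page). The function name ftp_parse_line, the 255-byte argument limit and the sample input are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FTP_VERB_MAX 4
#define FTP_ARG_MAX  255   /* assumed argument limit for this example */

enum { FTP_OK = 0, FTP_SYNTAX = 500, FTP_BAD_ARG = 501 }; /* RFC 959 replies */

/*
 * Split one control-channel line ("CWD /pub\r\n") into verb and argument.
 * Lengths are checked against the destination sizes before any copy; the
 * unsafe pattern is an unbounded strcpy() of the argument into a fixed buffer.
 */
int ftp_parse_line(const char *line, size_t len,
                   char verb[FTP_VERB_MAX + 1], char arg[FTP_ARG_MAX + 1])
{
    const char *sp;
    size_t vlen, alen;

    /* Strip the trailing CRLF (or bare LF) before measuring anything. */
    while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
        len--;
    /* An embedded NUL would make later string calls disagree with len. */
    if (len == 0 || memchr(line, '\0', len) != NULL)
        return FTP_SYNTAX;

    sp = memchr(line, ' ', len);
    vlen = sp ? (size_t)(sp - line) : len;
    if (vlen == 0 || vlen > FTP_VERB_MAX)
        return FTP_SYNTAX;
    memcpy(verb, line, vlen);
    verb[vlen] = '\0';

    alen = sp ? len - vlen - 1 : 0;
    if (alen > FTP_ARG_MAX)          /* reject; never copy or truncate */
        return FTP_BAD_ARG;
    if (alen > 0)
        memcpy(arg, sp + 1, alen);
    arg[alen] = '\0';
    return FTP_OK;
}

int main(void)
{
    char verb[FTP_VERB_MAX + 1], arg[FTP_ARG_MAX + 1];
    const char *line = "CWD /pub\r\n";   /* constructed sample input */
    int rc = ftp_parse_line(line, strlen(line), verb, arg);
    printf("%d %s %s\n", rc, verb, arg);
    return 0;
}
```

An oversized LIST or CWD argument yields a 501 reply and the connection handler keeps running, instead of the copy overrunning the buffer.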
Resolution
Upgrade to SpoonFTP
1.0.0.13 or higher.
Where can I read more about this?
This vulnerability was posted to
Bugtraq.