J-Security Center

Title: Mabry Software FTPServer/X Controls Server Response Buffer Overflow Vulnerability

Severity: HIGH

Description:

Mabry Software FTPServer/X is an ActiveX control and COM object designed to be incorporated into FTP server software for Microsoft Windows platforms.

The FTPServer/X control has been reported to be prone to a buffer overflow vulnerability when it processes server responses of excessive length.

The issue is likely due to insufficient bounds checking by wsprintf() when attacker-supplied data is copied into an internal memory buffer. Under normal circumstances, the data in this buffer is transmitted to the remote user as part of an FTP server status response message.

A remote attacker may supply a username of excessive length (>=1017 bytes) during the authentication process, or may simply supply a command of excessive length (>=1022 bytes) during an authorized FTP session. When the malicious string is copied into a fixed-size internal memory buffer, the data that exceeds the buffer's size overruns its bounds and corrupts adjacent memory. It has been reported that the memory adjacent to the affected buffer contains pointers and a saved return address, both of which are crucial to controlling program execution flow. It is therefore likely that an attacker could exploit this condition to seize control of the vulnerable FTP server and have arbitrary code executed in the context of the user running the server. A remote attacker may also exploit this condition to cause a persistent denial of service for legitimate FTP users; the server would require a restart to resume normal operation.
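The following C program is an added illustration and is not code from Mabry Software, Mollensoft or Juniper. It models the defect the advisory describes (client-supplied text formatted into a fixed-size response buffer with no bound on the copy, with sprintf standing in for wsprintf), places a hardened response builder beside it, and adds a simple control-channel check that flags lines at the length thresholds the advisory gives. The buffer size, the echo cap and the reply texts are assumptions chosen for illustration; the 1017- and 1022-byte thresholds come from the advisory.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define RESPONSE_BUF_SIZE 1024   /* assumed fixed reply buffer (~1 KiB, as the thresholds suggest) */
#define MAX_ECHO_LEN 512         /* assumed cap on client text echoed back in a reply */
#define USER_THRESHOLD 1017      /* advisory: USER argument >= 1017 bytes */
#define CMD_THRESHOLD 1022       /* advisory: command line >= 1022 bytes */

/* Length of s scanning at most limit bytes (portable stand-in for strnlen). */
static size_t bounded_len(const char *s, size_t limit)
{
    size_t n = 0;
    while (n < limit && s[n] != '\0')
        n++;
    return n;
}

/* Vulnerable pattern: the username is formatted into a fixed buffer with no
 * bound, so an over-long name overruns the buffer into adjacent memory.
 * Shown for contrast only; this program calls it with a short, benign name. */
static void build_response_unsafe(char out[RESPONSE_BUF_SIZE], const char *user)
{
    sprintf(out, "331 Password required for %s\r\n", user);
}

/* Hardened form: refuse to echo over-long client text, format with an explicit
 * size, and treat truncation as an error rather than sending a mangled reply.
 * Returns true when a normal reply was built, false when a fixed error was sent. */
static bool build_response_safe(char out[RESPONSE_BUF_SIZE], const char *user)
{
    if (bounded_len(user, MAX_ECHO_LEN + 1) > MAX_ECHO_LEN) {
        snprintf(out, RESPONSE_BUF_SIZE, "501 Argument too long\r\n");
        return false;
    }
    int n = snprintf(out, RESPONSE_BUF_SIZE,
                     "331 Password required for %s\r\n", user);
    if (n < 0 || (size_t)n >= RESPONSE_BUF_SIZE) {
        snprintf(out, RESPONSE_BUF_SIZE, "451 Internal error\r\n");
        return false;
    }
    return true;
}

/* Detection check for one FTP control-channel line: flags a USER argument at
 * or above USER_THRESHOLD bytes, or any line at or above CMD_THRESHOLD bytes
 * (trailing CRLF excluded from the count). */
static bool ftp_line_is_suspicious(const char *line)
{
    size_t total = strlen(line);
    while (total > 0 && (line[total - 1] == '\r' || line[total - 1] == '\n'))
        total--;
    if (total >= CMD_THRESHOLD)
        return true;
    if (strncmp(line, "USER ", 5) == 0 && total - 5 >= USER_THRESHOLD)
        return true;
    return false;
}

/* Constructed sample input: a USER line whose argument is n bytes of 'A'. */
static const char *constructed_user_line(size_t n)
{
    static char line[2048];
    if (n > sizeof line - 8)
        n = sizeof line - 8;
    memcpy(line, "USER ", 5);
    memset(line + 5, 'A', n);
    memcpy(line + 5 + n, "\r\n", 3);   /* copies the terminating NUL too */
    return line;
}

/* A normal username yields the expected 331 reply from the hardened builder. */
static bool demo_normal_username_accepted(void)
{
    char out[RESPONSE_BUF_SIZE];
    return build_response_safe(out, "alice")
        && strcmp(out, "331 Password required for alice\r\n") == 0;
}

/* A constructed 1099-byte username is rejected with the fixed 501 reply. */
static bool demo_long_username_rejected(void)
{
    char user[1100];
    char out[RESPONSE_BUF_SIZE];
    memset(user, 'A', sizeof user - 1);
    user[sizeof user - 1] = '\0';
    return !build_response_safe(out, user)
        && strcmp(out, "501 Argument too long\r\n") == 0;
}

int main(void)
{
    char out[RESPONSE_BUF_SIZE];
    build_response_unsafe(out, "alice");   /* benign input only */
    printf("%s", out);
    printf("normal accepted: %d\n", demo_normal_username_accepted());
    printf("long rejected:   %d\n", demo_long_username_rejected());
    printf("1100-byte USER flagged: %d\n",
           ftp_line_is_suspicious(constructed_user_line(1100)));
    return 0;
}
```

The hardened builder rejects before formatting rather than relying on truncation: a silently truncated reply is still well-formed at the memory level but can desynchronise the client, so a fixed error reply is the safer failure mode. The length check mirrors what a network IDS signature for this issue would look for on the control channel.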

It should be noted that any software that implements the Mabry Software FTPServer/X control is likely affected by this vulnerability. It has been confirmed that this control is in use by the Mollensoft (Hyperion) FTP Server. This issue is related to BID 7307 and possibly BID 6345.

Affected Products:

  • Mabry Software FTPServer/X 1.0.45
  • Mabry Software FTPServer/X 1.0.46
  • Mollensoft Software Hyperion FTP Server 3.5.2

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.