filecopa-exploit.txt - advisories - Security advisories that I have released to the public.
(HTM) git clone git://jay.scot/advisories
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
---
filecopa-exploit.txt (1184B)
---
1 FileCOPA FTP Server
2
3
4
5 SUMMARY
6 --------
7
8 FileCOPA takes the hard work out of running an FTP Server. The FileCOPA
9 FTP Server Software installs on any version of the Microsoft Windows
10 operating system with just a few clicks of the mouse and automatically
11 configures itself for anonymous operation.
12
13
14
15 IMPACT
16 -------
17
18 Can lead to Denial of Service Attack and remote system access.
19
20
21
22 VERSIONS
23 ---------
24
25 Vulnerable systems:
26 * Unknown version number.
27 * Version released 10/11/2005
28
29 Immune systems:
30 * Version released after 28/11/2005
31
32
33
34 DESCRIPTION
35 ------------
36
37 FileCOPA fails to check the CWD buffer the length of the input in
38 the CMD FTP command. If you pass 1036 characters to CWD it will crash
39 the FTP server allowing no more connections to the service.
40
41
42 Proof of Concept:
43
44 POC C code for a DOS attack and remote access exploit was given
45 to the vendor. The POC is not for public release.
46
47
48 Fix:
49
50 Upgrade to latest version.
51
52
53
54
55 ADDITIONAL INFORMATION
56 -----------------------
57
58 Vendor URL - http://www.filecopa.com/
59 Underlying OS - Windows (Any)
60 Credit - Jay Scott
61
62 History - 18/11/05 - Vendor Contacted
63 - 19/11/05 - Vendor Acknowledged
64 - 21/11/05 - New version released
65