SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   FileZilla Vendors:   filezilla.sourceforge.net
(FileZilla Issues Fix) PuTTY SFTP/SCP Integer Overflow in Processing FXP_OPEN and FXP_READDIR Responses Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1013292
SecurityTracker URL:  http://securitytracker.com/id/1013292
CVE Reference:   CVE-2005-0467   (Links to External Site)
Date:  Feb 24 2005
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.2.11
Description:   iDEFENSE reported some integer overflow vulnerabilities in the PuTTY SFTP and SCP client. A remote server may be able to execute arbitrary code on the PuTTY client. FileZilla includes PuTTY and is affected.

The PuTTY SFTP and SCP clients do not properly process certain fields in the SSH File Transfer Protocol (SFTP). A remote SFTP server that has passed the host key verification process can supply a specially crafted response to a connected client in response to the target client's FXP_OPEN request to trigger a heap overflow. The flaw resides in the sftp_pkt_getstring() function in 'sftp.c'.

The clients also do not properly process the server-supplied response to the SFTP FXP_READDIR command. If the target user connects to a malicious remote server and issues an 'ls' or 'dir' command via the SFTP client or an 'ls' command line parameter via the SCP client, an integer overflow can be triggered. The flaw resides in fxp_readdir_recv() function in 'sftp.c', where a large directory count can overflow an integer value.

A remote server may be able to cause arbitrary code to be executed on the target user's system with the privileges of the target user.

The vendor was notified on February 18, 2005.

Gael Delalleau dicscovered this vulnerability.

The original advisory is available at:

http://www.idefense.com/application/poi/display?id=201&type=vulnerabilities

Impact:   A remote server can cause arbitrary code to be executed on the target user's system. The code will run with the privileges of the target user.
Solution:   FileZilla is affected by the PuTTY vulnerability. A fixed version of FileZilla (2.2.11) is available at:

http://sourceforge.net/project/showfiles.php?group_id=21558

Vendor URL:  sourceforge.net/projects/filezilla/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Feb 21 2005 PuTTY SFTP/SCP Integer Overflow in Processing FXP_OPEN and FXP_READDIR Responses Lets Remote Users Execute Arbitrary Code



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC