GlobalSCAPE Secure FTP Server Buffer Overflow (Parameter Handling)
17 Mar. 2004
A vulnerability in GlobalSCAPE Secure FTP Server allows a user issuing a long parameter (around 252 bytes) as a value for a SITE command, to cause the server to try and write to a value that is outside the memory location of the Secure FTP Server's memory. This in will cause an exception to be triggered (an un-handled exception), which causes the program to crash.
SecurITeam would like to thank STORM for finding this vulnerability.
* GlobalSCAPE Secure FTP Server version 2.0 Build 03.11.2004.2
* GlobalSCAPE Secure FTP Server version 2.0 Build 03.16.2004.1
To demonstrate this issue we will use the SITE ZIP command, even though SITE ZIP isn't a supported command, and will use SITE ZIP's parameter "/d:" provided after that command gets parsed, which causes the vulnerability.