Insufficient sanitization in GroundWork Monitor monarch_scan.cgi leads to remote code execution.
Unsafe unpickling in Graphite leads to remote code execution.
There is a buffer overflow vulnerability in the administration web server for GoodTech Telnet Server which allows remote attackers to execute arbitrary code using a specially crafted string sent to port 2380.
This vulnerability allows remote attackers to execute arbitrary code on installations of Golden FTP Server, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the handling of passwords. This can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted password passed to the affected server.
This vulnerability allows remote attackers to execute arbitrary code on installations of GlobalSCAPE Secure FTP Server, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the handling of overly long commands. This can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted command passed to the affected server. An anonymous user accepted by the FTP server is required to exploit this vulnerability.
GIMP is prone to a buffer overflow when a specially crafted packet is sent to its Script-Fu Server service. This allows a remote attacker to execute arbitrary code on vulnerable installations of the application.
This module exploits a remote buffer overflow vulnerability in the ihDataArchiver.exe service included in several GE SCADA applications by sending a malformed packet to port 14000/TCP.
This module exploits a buffer overflow in FutureSoft TFTP Server which allows remote attackers to execute arbitrary code via a long malformed filename, and installs an agent if successful.
This module exploits a remote buffer overflow in the Fujitsu SystemcastWizard application by sending a specially crafted packet to port 4011/UDP.
After successful exploitation an agent will be deployed. This agent will inherit the user identity and capabilities of the abused service, usually those of the user used to log in to the FTP server (for example, ftp). However, the UID (as opposed to the EUID) of the agent will be that of the super user in most cases (usually 0), and it can be changed by using the setuid module (see "setuid"). When an anonymous user is used, or if the server is configured to do this for other users, the deployed agent will be running inside a chroot jail. This situation does not prevent the use of the agent, and after setting the EUID to that of the super user, the chroot breaker module (see "chroot breaker") can be used to escape the chroot jail.