
Attack: ElectraSoft 32Bit "LIST" Command Buffer Overflow

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow vulnerability in the ElectraSoft 32Bit FTP client's handling of the 'LIST' command, which may result in arbitrary code execution.

Additional Information

The application is prone to a stack-based buffer-overflow vulnerability because it fails to properly validate the filenames sent in response to the 'LIST' command in FTP connections before copying them into an insufficiently sized buffer. Attackers can leverage this issue to corrupt and overwrite memory. This may allow them to change the flow of execution and gain control of the affected application.
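
As an added illustration (not Symantec's signature logic and not ElectraSoft's code), the following C example shows the bounds check whose absence is described above: the filename from one Unix-style LIST line is copied into a fixed buffer only if it fits. The function names, the 256-byte NAME_BUF size and the eight-field line layout are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 256  /* assumed size; the page does not state the client's real buffer size */

/* Skip the first 8 whitespace-separated fields of a Unix-style LIST line
 * (mode, links, owner, group, size, month, day, time/year) and return a
 * pointer to the filename, or NULL if the line is malformed. */
static const char *list_name_field(const char *line)
{
    const char *p = line;
    for (int field = 0; field < 8; field++) {
        while (*p == ' ' || *p == '\t') p++;
        if (*p == '\0') return NULL;
        while (*p != '\0' && *p != ' ' && *p != '\t') p++;
    }
    while (*p == ' ' || *p == '\t') p++;
    return *p ? p : NULL;
}

/* Copy the filename from one LIST line into out[outsz].
 * Returns 0 on success, -1 if the line is malformed, -2 if the name does not fit.
 * The unchecked pattern this replaces is an unbounded strcpy(out, name). */
int list_filename(const char *line, char *out, size_t outsz)
{
    const char *name = list_name_field(line);
    if (name == NULL || outsz == 0) return -1;
    size_t len = strcspn(name, "\r\n");   /* length without the trailing CRLF */
    if (len == 0) return -1;
    if (len >= outsz) return -2;          /* reject; never overflow or silently truncate */
    memcpy(out, name, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char name[NAME_BUF];
    /* Constructed sample line, not captured traffic. */
    const char *line = "-rw-r--r-- 1 ftp ftp 1024 Jan 01 12:00 readme.txt\r\n";
    int rc = list_filename(line, name, sizeof name);
    printf("rc=%d name=%s\n", rc, rc == 0 ? name : "(rejected)");
    return rc == 0 ? 0 : 1;
}
```

A client that gets -2 back should drop the entry or abort the listing rather than retry with a larger stack buffer.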

Affected

  • ElectraSoft 32Bit FTP Client 10.09.01 is vulnerable; other versions may also be affected.
