| Enceladus
Server Suite v3.9 Buffer Overflow Vulnerability
Type Buffer Overflow Release Date December 09, 2002 Product / Vendor Enceladus Server Suite is an Internet/Intranet lightweight Web and FTP Server for Windows, provides secure file sharing on any network. Perfect for Broadband, Cable Modem, Small business and Personal Use. You don't have to be an expert to setup file sharing or run your own web site and FTP Server. This Server Suite is One of the Easiest To Install and Operate. Summary Enceladus Server Suite is vulnerable to a buffer overflow condition. An attacker may supply a long sequence of characters as an argument to "CD" command. If the length of the supplied string exceeds the size of its input buffer, the excess data will overwrite other variables on the stack and the stack frame itself. It is possible for a malicious user to craft a request that will result in code execution on the vulnerable system. An analysis for this vulnerability exists and is available below. ==================== SNIP ==================== ts@metacortex:~$ ftp 192.168.10.2 ==================== SNIP ==================== Tested Enceladus Server Suite v3.9 / Windows 2000 sp3 Vulnerable Enceladus Server Suite v3.9 / Windows 2000 sp3 Disclaimer http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. Author Tamer Sahin |