Check Point Advisories

Preemptive Protection against FileCOPA FTP Server Buffer Overflow Vulnerability

Check Point Reference: CPAI-2007-009
Date Published: 22 Jan 2007
Severity: Medium
Last Updated: Monday 30 April, 2007
Source: Secunia Research: 25/07/2006
Industry Reference: CVE-2006-3768
Protection Provided by:
Who is Vulnerable? FileCOPA version 1.01 (released on 2006-07-18)
Vulnerability Description: FileCOPA FTP server is an FTP server application for Microsoft Windows used for anonymous operations. A denial of service vulnerability has been reported in FileCOPA FTP Server. The vulnerability could be exploited by remote attackers to crash the application via a specially crafted FTP command sent to an affected server.
Update/Patch Available: Upgrade to FileCOPA version 1.01 (released on 2006-07-21):
http://www.filecopa.com/download.html
Vulnerability Details: The vulnerability is caused by a buffer overflow error in the FTP service (filecpnt.exe) when handling overly long arguments passed to certain FTP commands (CWD, DELE, MDTM and MKD). A remote attacker can exploit this flaw via a specially crafted FTP command with an overly long string in its parameter. Successful exploitation may allow an attacker to create a denial of service condition or execute arbitrary code on an affected system.
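
As an added example (not part of the original advisory and not Check Point's protection logic), the following Python code reassembles FTP control-channel lines from received segments and flags the four commands named above when their argument exceeds a length limit. The 255-byte limit, the function names and the sample traffic are assumptions made for illustration; the advisory does not state a length.

```python
"""Flag over-long arguments to the FTP commands named in the advisory."""

# Commands the advisory lists as affected.
WATCHED = {b"CWD", b"DELE", b"MDTM", b"MKD"}

# Assumption: the advisory gives no length; 255 bytes is a placeholder limit.
MAX_ARG_BYTES = 255


def check_line(line, limit=MAX_ARG_BYTES):
    """Return an alert dict if a watched command has an over-long argument."""
    verb, _, arg = line.rstrip(b"\r\n").partition(b" ")
    verb = verb.upper()  # FTP command verbs are case-insensitive
    if verb in WATCHED and len(arg) > limit:
        return {"command": verb.decode("ascii"), "arg_len": len(arg)}
    return None


def scan_stream(chunks, limit=MAX_ARG_BYTES):
    """Scan client-to-server data given as an iterable of byte chunks.

    A command may be split across several chunks, so lines are rebuilt
    before checking. Data left without a line terminator at the end of
    the stream is checked too, since a long argument may never be closed.
    """
    alerts, buf = [], b""
    for chunk in chunks:
        buf += chunk
        while b"\n" in buf:
            line, buf = buf.split(b"\n", 1)
            alert = check_line(line, limit)
            if alert:
                alerts.append(alert)
    if buf:
        alert = check_line(buf, limit)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample traffic (not captured from a real session).
SAMPLE_CHUNKS = [
    b"USER anonymous\r\nPASS guest@example.com\r\nCWD /pub\r\n",
    b"cwd " + b"A" * 300,               # one command split over two chunks
    b"A" * 300 + b"\r\n",
    b"STOR " + b"B" * 600 + b"\r\n",    # long, but not a listed command
    b"MDTM " + b"C" * 255 + b"\r\n",    # exactly at the limit: not flagged
    b"MKD " + b"D" * 256,               # unterminated at end of stream
]

if __name__ == "__main__":
    for alert in scan_stream(SAMPLE_CHUNKS):
        print(alert)
```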

Protection Overview
