The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


South River WebDrive Buffer Overflow Vulnerability


<< Previous INDEX Search src / Print Next >>
Date: Tue, 21 Feb 2006 23:34:17 -0800 (PST)
From: Adrian Castro <acastro@linuxquestions.net.>
To: [email protected]
Subject: South River WebDrive Buffer Overflow Vulnerability
Reply-To: [email protected]
X-Originating-Ip: [68.70.86.122]
Message-Id: <20060221233417.23B5FCE0@dm21.mta.everyone.net.>
X-Virus-Scanned: antivirus-gw at tyumen.ru

South River WebDrive Buffer Overflow Vulnerability

     ---Summary---

     Software  Affected: South River WebDrive
     Software Versions Tested:  6.08 build 1131
     Vendors URL:        http://www.webdrive.com
     Vulnerability Type: Boundary Condition Error
     Credit:             Discovered by Adrian Castro
     Proof of Concept:   None Provided
     Attack Vector:      Local
     Threat Level:       Medium

     ---Vendors Product Description---

     WebDrive is more than just an FTP Client. By connecting to WebDAV, FTP, or SFTP servers through a virtual drive, files are transferred by simply saving them to a drive letter. There's no need to run a separate FTP client interface. Unlike typical FTP clients, WebDrive lets you open and edit server-based files without the additional download step.


To install WebDrive on Windows NT/2000/XP you must have administrator privileges.  Once installed you can use WebDrive from any NT user account.

    ---Vulnerability Description---

     The name entry field in WebDrive is prone to a buffer overflow vulnerability due to a programming error.  The name field allows for 257 characters to be copied to a 256 character buffer.  Successful exploitation causes the program to fail, and behave erratically/crash on future runs of the program.


This vulnerability affects WebDrive 8 running on Windows 2000 SP4, and Windows XP Professional SP2. Other versions of WebDrive and Windows may also be affected.

   ---Solution---

   None at this time.


_____________________________________________________________
Thank you for choosing LinuxQuestions.
http://www.linuxquestions.org


<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру