16th Jan 2002 [SBWID-5001]
COMMAND
BlackMoon FTPd buffer overflow vulnerability
SYSTEMS AFFECTED
BlackMoon prior to 1.5.2 Release #2 Build #1550
PROBLEM
In Strumpf Noir Society Advisory:
The BlackMoon FTP server is vulnerable to a buffer overflow condition.
Due to the nature of these problems, this could lead to arbitrary code
execution on a target machine.
More specifically, the buffer which handles the received data before
parsing it was incorrectly declared static in the code below.

    CBuffer::CBuffer(const char * data, int len, int capacity_inc)
    {
        // Fixed-size static buffer used in place of a heap allocation sized to len
        bf_head = (char*)&staticBuf; //(char*)malloc(len * sizeof(char));
        if(bf_head != NULL)
        {
            // len is never compared with sizeof(staticBuf) before the copy
            memcpy(bf_head,data,len);
            bf_capacity = sizeof(staticBuf); //len;
            bf_current_size = len;
            bf_capacity_inc = capacity_inc;

Due to this error, it is possible to overflow this buffer through
several of the standard ftp commands available to the user
(specifically 'USER', 'PASS' and 'CWD') followed by a string of
data sized more than 4096 bytes.
This will kill the BlackMoon FTP service (which runs under the local
SYSTEM account) and allows for overwriting of EIP.
SOLUTION
Available soon from:
http://members.rogers.com/blackmoon2k/
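
Added example, not BlackMoon's code and not part of the advisory: a hardened counterpart to the constructor shown under PROBLEM, which sizes storage from a validated length and refuses over-long command lines before they are buffered. `SafeBuffer`, `fits_fixed_buffer`, `accept_command_line` and the 4096-byte constant (inferred from the advisory's figure) are assumptions.

```cpp
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

// Assumption: size inferred from the advisory's "more than 4096 bytes".
constexpr std::size_t kStaticBufSize = 4096;

// Hypothetical hardened counterpart of CBuffer: storage is sized from the
// validated length, so no input length can write past the allocation.
class SafeBuffer {
public:
    SafeBuffer(const char* data, int len, int capacity_inc)
        : bf_capacity_inc(capacity_inc) {
        if (data == nullptr || len < 0 || capacity_inc <= 0)
            throw std::invalid_argument("bad buffer arguments");
        storage.assign(data, data + len);  // allocates room for exactly len bytes
    }
    std::size_t size() const { return storage.size(); }
    int capacity_inc() const { return bf_capacity_inc; }
private:
    std::vector<char> storage;
    int bf_capacity_inc;
};

// The bounds check the original constructor lacked, for code that keeps a
// fixed buffer: true only when len bytes fit in `capacity` bytes.
bool fits_fixed_buffer(int len, std::size_t capacity = kStaticBufSize) {
    return len >= 0 && static_cast<std::size_t>(len) <= capacity;
}

// Protocol-level guard: refuse an over-long command line before buffering it.
// Returns the number of bytes accepted, or -1 when the line is rejected.
int accept_command_line(const char* line, std::size_t line_len) {
    if (line == nullptr || line_len > kStaticBufSize) return -1;
    SafeBuffer buf(line, static_cast<int>(line_len), 256);  // 256: arbitrary increment
    return static_cast<int>(buf.size());
}

int main() {
    std::string ok = "USER anonymous";
    std::string too_long = "USER " + std::string(5000, 'A');  // constructed input
    std::printf("%d %d\n", accept_command_line(ok.data(), ok.size()),
                accept_command_line(too_long.data(), too_long.size()));
    return 0;
}
```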