PDF Print E-mail

#####################################################################################

Application:   Attachmate Reflection FTP Client Remote Code Execution

Platforms:   Windows

Exploitation:   Remote code execution

CVE Number:  

{PRL}:   2011-09

Author:   Francis Provencher (Protek Research Lab's)

Website:   http://www.protekresearchlab.com/

Twitter:   @ProtekResearch

#####################################################################################

1) Introduction
2) Timeline
3) Technical details
4) PoC


#####################################################################################

===============
1) Introduction
===============


Attachmate Corporation is a software company owned by an investment group led by Francisco Partners,

Golden Gate Capital, and Thoma Cressey Bravo. Attachmate focuses on terminal emulation, legacy modernization,

managed file transfer, and enterprise fraud management software. Attachmate Corporation is a principal holding

within The Attachmate Group. In addition to Attachmate Corporation, The Attachmate Group's other principal

holdings include NetIQ, Novell, and SUSE.
#####################################################################################

============
2) Timeline
============


2011-09-26 - Vulnerability reported to vendor
2011-11-16 - Coordinated public release of advisory

#####################################################################################

=================
3) Technical details
=================

The Reflection FTP client, didnt validate the maximum length of a directory when a LIST command is issuing.

An overly long directory name can overflow the stack and corrupt memory.


#####################################################################################

=============
4) The Code
=============

Here


###############################################################################