COMMAND

    SpoonFTP

SYSTEMS AFFECTED

    SpoonFTP

PROBLEM

    The following is based on a Strumpf Noir Society advisory.  SpoonFTP
    is an FTP server from the makers of SpoonProxy for the various MS
    Windows incarnations.  SpoonFTP is available from vendor Pi-Soft's
    website.

    The SpoonFTP server doesn't correctly apply boundary checks on the
    'CWD' and 'LIST' commands.  Issuing one of these to the server
    followed by 530 or 531 bytes of data or more, respectively, will
    cause the server to die.

    Although in the majority of attempts internal errors will kill the
    SpoonFTP process before any data can be passed on to the stack, it
    is possible to use this to overwrite EIP and execute arbitrary code
    on the target machine.

    This was tested against SpoonFTP v1.0.0.12 on Win2k.
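
    The kind of boundary check that is missing on 'CWD' and 'LIST', as
    an added example (not SpoonFTP's code and not the vendor's fix).
    MAX_ARG, struct ftp_cmd and parse_ftp_line are hypothetical names
    and values chosen for this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed limit for this sketch; the page does not give SpoonFTP's buffer size. */
#define MAX_ARG 255

enum { PARSE_OK = 0, PARSE_NO_VERB = -1, PARSE_ARG_TOO_LONG = -2 };

struct ftp_cmd {
    char verb[5];           /* 3-4 letter verb plus NUL */
    char arg[MAX_ARG + 1];  /* argument plus NUL */
};

/* Parse one control-connection line of `len` bytes (not NUL-terminated).
 * Every length is checked before any byte is copied into `out`. */
static int parse_ftp_line(const char *line, size_t len, struct ftp_cmd *out)
{
    size_t i = 0, alen;
    /* Drop trailing CR/LF so it is not counted as argument data. */
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;

    /* Verb: 3 or 4 ASCII letters, then end of line or one space. */
    while (i < len && i < 4 && isalpha((unsigned char)line[i])) {
        out->verb[i] = (char)toupper((unsigned char)line[i]);
        i++;
    }
    out->verb[i] = '\0';
    if (i < 3 || (i < len && line[i] != ' '))
        return PARSE_NO_VERB;
    if (i < len)
        i++;                /* skip the separator */

    /* Argument: reject overlong input rather than truncate or overflow. */
    alen = len - i;
    if (alen > MAX_ARG)
        return PARSE_ARG_TOO_LONG;
    memcpy(out->arg, line + i, alen);
    out->arg[alen] = '\0';
    return PARSE_OK;
}

int main(void)
{
    struct ftp_cmd c;
    const char line[] = "cwd /pub\r\n";   /* constructed sample input */
    printf("%d\n", parse_ftp_line(line, sizeof line - 1, &c));
    return 0;
}
```

    A server using such a parser would answer PARSE_ARG_TOO_LONG with
    an FTP error reply and keep running instead of copying the data.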

SOLUTION

    Vendor has been notified and has verified the existence of these
    problems.  SpoonFTP v1.0.0.13 has been released to deal with them.
    Users are encouraged to upgrade.