FileCOPA FTP Server

SUMMARY
--------
FileCOPA takes the hard work out of running an FTP Server. The FileCOPA FTP Server Software installs on any version of the Microsoft Windows operating system with just a few clicks of the mouse and automatically configures itself for anonymous operation.

IMPACT
-------
Can lead to a denial-of-service attack and remote system access.

VERSIONS
---------
Vulnerable systems:
 * Unknown version number.
 * Version released 10/11/2005

Immune systems:
 * Version released after 28/11/2005

DESCRIPTION
------------
FileCOPA fails to check the length of the input to the CWD FTP command before it is placed in the CWD buffer. If you pass 1036 characters to CWD, it will crash the FTP server, and the service accepts no more connections.

Proof of Concept:
POC C code for a DoS attack and remote access exploit was given to the vendor. The POC is not for public release.

Fix:
Upgrade to latest version.

ADDITIONAL INFORMATION
-----------------------
Vendor URL    - http://www.filecopa.com/
Underlying OS - Windows (Any)
Credit        - Jay Scott
History       - 18/11/05 - Vendor Contacted
              - 19/11/05 - Vendor Acknowledged
              - 21/11/05 - New version released
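
The length check that DESCRIPTION reports as missing, shown as a hardened CWD handler. This is an added example, not FileCOPA's code or the vendor's fix; `handle_cwd`, `reply_for_arg_len`, the reply-code constants and the 1024-byte `CWD_BUF_SIZE` are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CWD_BUF_SIZE 1024  /* assumed; the advisory does not state the real buffer size */
enum { FTP_OK = 250, FTP_UNKNOWN_CMD = 500, FTP_BAD_ARG = 501 };

/* Hypothetical handler for one control-channel line ("CWD <path>\r\n").
 * The path is copied into dst only if it fits with its terminator; the
 * unchecked pattern this replaces is a bare strcpy(dst, arg). */
int handle_cwd(const char *line, char *dst, size_t dst_size)
{
    static const char verb[] = "CWD";
    const char *arg;
    size_t i, len;

    for (i = 0; i < 3; i++)                 /* FTP verbs are case-insensitive */
        if (toupper((unsigned char)line[i]) != verb[i])
            return FTP_UNKNOWN_CMD;
    if (line[3] != ' ')                     /* "CWD" with no argument, or another verb */
        return (line[3] == '\0' || line[3] == '\r' || line[3] == '\n') ? FTP_BAD_ARG : FTP_UNKNOWN_CMD;

    arg = line + 4;
    len = strcspn(arg, "\r\n");             /* argument ends at CR/LF or end of string */
    if (len == 0 || dst_size == 0 || len >= dst_size)
        return FTP_BAD_ARG;                 /* reject; never truncate or overflow */
    memcpy(dst, arg, len);
    dst[len] = '\0';
    return FTP_OK;
}

/* Builds a constructed "CWD AAAA...\r\n" line with an n-character argument. */
int reply_for_arg_len(size_t n)
{
    static char line[4 + 4096 + 3];
    char dst[CWD_BUF_SIZE];
    if (n > 4096) n = 4096;
    memcpy(line, "CWD ", 4);
    memset(line + 4, 'A', n);
    memcpy(line + 4 + n, "\r\n", 3);        /* CR, LF and the terminating NUL */
    return handle_cwd(line, dst, sizeof dst);
}

int main(void)
{
    printf("1036-char argument -> %d\n", reply_for_arg_len(1036));
    printf("1023-char argument -> %d\n", reply_for_arg_len(CWD_BUF_SIZE - 1));
    return 0;
}
```

An over-long argument is answered with a 501 reply and the session continues, rather than the process crashing.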