CVSS2: 6.4 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS: 0.146 Low (Percentile: 95.8%)

There is a buffer overflow vulnerability in the FileCOPA FTP server which may allow an attacker to execute arbitrary code.
FileCOPA is an FTP server for Microsoft Windows that supports anonymous file transfers.
There is a buffer overflow vulnerability in the FileCOPA FTP service (filecpnt.exe) that may occur when malformed input is passed to the server using common FTP commands. If anonymous connections to the server are allowed, an attacker would not need valid user credentials to exploit this vulnerability.
A remote, unauthenticated attacker may execute arbitrary code.
Upgrade
Upgrade to FileCOPA version 1.01.
Disable Anonymous Access
Disabling anonymous access may mitigate the impact of this vulnerability.
Restrict Access
Restricting network access to the server may prevent remote attackers from exploiting this vulnerability.
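To confirm that anonymous access is actually disabled on a server you administer, the following added example (not part of the original advisory or the vendor's tooling) attempts an anonymous login with Python's standard `ftplib` and reports whether it is accepted. The function names and the loopback stub server are assumptions constructed for illustration so the check can be run offline.

```python
import ftplib
import socket
import threading

def anonymous_login_allowed(host, port=21, timeout=5.0):
    """True: anonymous login accepted; False: refused; None: no usable FTP reply."""
    ftp = ftplib.FTP()
    try:
        ftp.connect(host, port, timeout=timeout)
        ftp.login()              # ftplib defaults to USER anonymous / PASS anonymous@
        return True
    except ftplib.error_perm:    # 5xx reply, e.g. 530: anonymous access is disabled
        return False
    except (OSError, EOFError, ftplib.Error):
        return None              # unreachable, filtered, or not speaking FTP
    finally:
        ftp.close()

def start_stub_server(allow_anonymous):
    """Constructed loopback FTP stub for offline runs; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn, srv, conn.makefile("rwb") as f:
            def say(line):
                f.write(line + b"\r\n")
                f.flush()
            say(b"220 stub ready")
            f.readline()                     # USER anonymous
            say(b"331 password required")
            f.readline()                     # PASS anonymous@
            say(b"230 logged in" if allow_anonymous else b"530 login incorrect")

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for allowed in (True, False):
        port = start_stub_server(allowed)
        print(port, anonymous_login_allowed("127.0.0.1", port))
```

A `None` result from outside the permitted network range is also the expected outcome once network access to the server has been restricted.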
713092
Updated: September 29, 2006
Affected
We were first informed of this vulnerability on July 21st 2006. A fix was released that day and provided to all registered users (and users still using the 30 day trial) free of charge.
FileCOPA versions are dated. Any version showing a release date on the about screen newer than July 21st 2006 contains this patch.
The vendor has not provided us with any further information regarding this vulnerability.
Thanks to Carsten Eiram, Secunia Research for reporting this vulnerability.
This document was written by Ryan Giobbi.
CVE IDs: | CVE-2006-3768 |
---|---|
Severity Metric: | 1.03 |
Date Public: | |