Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:713092
HistorySep 29, 2006 - 12:00 a.m.

FileCOPA FTP server vulnerable to buffer overflow

2006-09-2900:00:00
www.kb.cert.org
18

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.146 Low

EPSS

Percentile

95.8%

JSON

Overview

There is a buffer overflow vulnerability in the FileCOPA FTP server which may allow an attacker to execute arbitrary code.

Description

FileCOPA is an FTP server for Microsoft Windows that supports anonymous file transfers.

There is a buffer overflow vulnerability in the FileCOPA FTP service (filecpnt.exe) that may occur when malformed input is passed to the server using common FTP commands. If anonymous connections to the server are allowed, an attacker would not need valid user credentials to exploit this vulnerability.

Impact

A remote, unauthenticated attacker may execute arbitrary code.

Solution

Upgrade
Upgrade to FileCOPA version 1.01.

Disable Anonymous Access
Disabling anonymous access may mitigate the impact of this vulnerability.

Restrict Access
Restricting network access to the server may prevent remote attackers from exploiting this vulnerability.

Vendor Information

713092

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Intervations, Inc. __ Affected

Updated: September 29, 2006

Status

Affected

Vendor Statement

We were first informed of this vulnerability on July 21st 2006. A fix was released that day and provided to all registered users (and users still using the 30 day trial) free of charge.

FileCOPA versions are dated. Any version showing a release date on the about screen newer than July 21st 2006 contains this patch.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Carsten Eiram, Secunia Research for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

CVE IDs: CVE-2006-3768
Severity Metric: 1.03 Date Public:

Related

nvd 1
cve 1
checkpoint_advisories 1
cvelist 1
securityvulns 1
nvd
nvd
CVE-2006-3768
2006-07-28 23:04:00
cve
cve
CVE-2006-3768
2006-07-28 23:04:00
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against FileCOPA FTP Server Buffer Overflow Vulnerability
2007-01-22 00:00:00
cvelist
cvelist
CVE-2006-3768
2006-07-28 23:00:00
securityvulns
securityvulns
[Full-disclosure] Secunia Research: FileCOPA Directory Argument Handling Buffer Overflow
2006-07-26 00:00:00

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.146 Low

EPSS

Percentile

95.8%

JSON
Related for VU:713092
nvd1cve1checkpoint_advisories1cvelist1securityvulns1