A buffer overflow in the Ability Server may allow remote authenticated attackers to execute arbitrary code.
A lack of input validation in Ability Server's FTP STOR command may allow a buffer overflow to occur. A remote authenticated attacker may be able to exploit this vulnerability by supplying the Ability Server with a specially crafted FTP STOR command.
According to reports, Ability Server versions 2.34, 2.25, and 2.32 are vulnerable. However, other versions may also be affected.
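The kind of input validation the description says is missing, shown as an added example: it is not Ability Server's code and not part of the original advisory. The function names, the 255-byte limit and the return values are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define STOR_PATH_MAX 255  /* assumed policy limit for this example */

/* 500 and 501 are the RFC 959 syntax-error reply codes. */
enum { STOR_OK = 0, STOR_NOT_STOR = 500, STOR_BAD_ARG = 501 };

/* Case-insensitive match of the 5-byte verb "STOR " at the start of line. */
static int is_stor(const char *line, size_t len)
{
    static const char verb[] = "STOR ";
    if (len < 5) return 0;
    for (size_t i = 0; i < 5; i++)
        if (toupper((unsigned char)line[i]) != verb[i]) return 0;
    return 1;
}

/*
 * Validate a raw control-channel line ("STOR <pathname>\r\n", not
 * necessarily NUL-terminated) and copy the pathname into out.
 * The length is checked BEFORE the copy; the unsafe pattern this
 * replaces is an unbounded strcpy() of the argument into a fixed buffer.
 */
int parse_stor(const char *line, size_t len, char *out, size_t out_cap)
{
    if (!line || !out || out_cap == 0) return STOR_BAD_ARG;
    out[0] = '\0';
    if (!is_stor(line, len)) return STOR_NOT_STOR;

    const char *arg = line + 5;
    size_t n = len - 5;
    while (n > 0 && (arg[n - 1] == '\r' || arg[n - 1] == '\n')) n--;  /* drop CRLF */

    /* Reject empty, over-policy, or larger-than-destination arguments. */
    if (n == 0 || n > STOR_PATH_MAX || n >= out_cap) return STOR_BAD_ARG;
    for (size_t i = 0; i < n; i++)            /* reject NUL and control bytes */
        if ((unsigned char)arg[i] < 0x20 || arg[i] == 0x7f) return STOR_BAD_ARG;

    memcpy(out, arg, n);
    out[n] = '\0';
    return STOR_OK;
}
```

A server using a check like this would answer an oversized STOR argument with a 501 reply and leave the destination buffer untouched.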
A remote authenticated attacker may be able to execute arbitrary code with the privileges of the Ability Server process or cause a denial-of-service condition.
We are currently unaware of a practical solution to this problem.
Block or Restrict Access
Block or restrict access to the Ability Server from untrusted hosts.
The Ability Server has been discontinued. Ability Server users are encouraged to upgrade to the Ability FTP Server to correct this issue.
Vendor | Status | Date Notified | Date Updated
Code-Crafters | | 17 Dec 2004 | 22 Dec 2004
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
This vulnerability was publicly reported in a Security Tracker Advisory.
Security Tracker credits K-Otik with providing information regarding this issue.
This document was written by Jeff Gennari.