Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2009 Greenbone AGOPENVAS:1361412562310800948
HistoryOct 20, 2009 - 12:00 a.m.

CuteFTP Heap Based Buffer Overflow Vulnerability

2009-10-2000:00:00
Copyright (C) 2009 Greenbone AG
plugins.openvas.org
10

7.2 High

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.9%

JSON

CuteFTP is prone to a buffer overflow vulnerability.

# SPDX-FileCopyrightText: 2009 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.800948");
  script_version("2023-07-27T05:05:08+0000");
  script_tag(name:"last_modification", value:"2023-07-27 05:05:08 +0000 (Thu, 27 Jul 2023)");
  script_tag(name:"creation_date", value:"2009-10-20 14:26:56 +0200 (Tue, 20 Oct 2009)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cve_id("CVE-2009-3483");
  script_name("CuteFTP Heap Based Buffer Overflow Vulnerability");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone AG");
  script_family("Buffer overflow");
  script_dependencies("gb_cuteftp_detect.nasl");
  script_mandatory_keys("CuteFTP/Win/Ver");

  script_xref(name:"URL", value:"http://secunia.com/advisories/36874");
  script_xref(name:"URL", value:"http://xforce.iss.net/xforce/xfdb/53487");
  script_xref(name:"URL", value:"http://www.packetstormsecurity.org/0909-exploits/Dr_IDE-CuteFTP_FTP_8.3.3-PoC.py.txt");

  script_tag(name:"impact", value:"Successful exploitation will allow remote attackers to execute
  arbitrary code and potentially compromise a user's system.");
  script_tag(name:"affected", value:"CuteFTP Home/Pro/Lite 8.3.3, 8.3.3.54 on Windows.");
  script_tag(name:"insight", value:"The flaw is due to error in 'Create New Site' feature when
  connecting to sites having an overly long label. This can be exploited to
  corrupt heap memory by tricking a user into importing a malicious site list and
  connecting to a site having an overly long label.");
  script_tag(name:"solution", value:"Upgrade to version 8.3.4 or later.");
  script_tag(name:"summary", value:"CuteFTP is prone to a buffer overflow vulnerability.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"registry");

  script_xref(name:"URL", value:"http://www.cuteftp.com/downloads");
  exit(0);
}

include("version_func.inc");

cVer = make_list();

foreach type( make_list( "Home", "Lite", "Professional" ) ) {

  tmpVer = get_kb_item("CuteFTP/" + type + "/Ver");
  if( ! isnull( tmpVer ) ) {
    cVer = make_list( cVer, tmpVer );
  }
}

foreach ver( cVer ) {
  if( version_is_equal( version:ver, test_version:"8.3.3" ) ||
      version_is_equal( version:ver, test_version:"8.3.3.54" ) ) {
    security_message( port:0 );
    exit( 0 );
  }
}

exit( 99 );

Related

cve 1
prion 1
kaspersky 1
cvelist 1
cve
cve
CVE-2009-3483
2009-09-30 15:30:00
prion
prion
Heap overflow
2009-09-30 15:30:00
kaspersky
kaspersky
KLA10131 DoS vulnerability in CuteFTP
2009-09-30 00:00:00
cvelist
cvelist
CVE-2009-3483
2009-09-30 15:00:00

7.2 High

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.9%

JSON
Related for OPENVAS:1361412562310800948
cve1prion1kaspersky1cvelist1