SlimFTPd FTP Command Handling Overflow

2004-11-10T00:00:00
ID OSVDB:11604
Type osvdb
Reporter class101 (class101@dfind.kd-team.com)
Modified 2004-11-10T00:00:00

Description

Vulnerability Description

A remote overflow exists in SlimFTPd. Multiple FTP commands fail to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Upgrade to version 3.16 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.whitsoftdev.com/slimftpd/
Security Tracker: 1012167
Secunia Advisory ID: 13161
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-11/0293.html
ISS X-Force ID: 18014
CVE-2004-2418
Bugtraq ID: 11645