NetTerm NetFtpd USER Command Remote Overflow

2005-04-26T08:06:16
ID OSVDB:15865
Type osvdb
Reporter Sergio Alvarez (shadown@gmail.com)
Modified 2005-04-26T08:06:16

Description

Vulnerability Description

A remote overflow exists in NetTerm NetFtpd. NetFtpd fails to handle overly long input to the USER command, resulting in a buffer overflow. With a specially crafted request, a remote attacker can execute arbitrary code, resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue. According to the vendor, NetFtpd has been removed from NetTerm.

References:

Vendor URL: http://netterm.com/html/netterm.html
Secunia Advisory ID: 15140
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0573.html
ISS X-Force ID: 20285
Generic Exploit URL: http://metasploit.com/projects/Framework/modules/exploits/netterm_netftpd_user_overflow.pm
CVE-2005-1323
Bugtraq ID: 13396