vxFtpSrv USER Command Remote Overflow

2005-09-14T10:47:00
ID OSVDB:19466
Type osvdb
Reporter Seth Fogie (contact@airscanner.com)
Modified 2005-09-14T10:47:00

Description

Vulnerability Description

A remote overflow exists in vxFtpSrv. The 'USER' command fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted request containing an overly long user name, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.cam.com/vxftpsrv.html
Security Tracker: 1014911
Secunia Advisory ID: 16837
Other Advisory URL: http://www.airscanner.com/security/05081102_vxftpsrv.htm
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0153.html
Keyword: Airscanner Mobile Security Advisory #05081102
CVE-2005-3031
Bugtraq ID: 14839