Quick n Easy FTP Server LIST Command Overflow

2006-07-18T10:33:58
ID OSVDB:27400
Type osvdb
Reporter h07 (h07@interia.pl)
Modified 2006-07-18T10:33:58

Description

Vulnerability Description

A remote overflow exists in Quick n Easy FTP Server. The product fails to perform correct boundary checks on LIST commands, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Upgrade to version 3.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.pablosoftwaresolutions.com/html/quick__n_easy_ftp_server.html
Secunia Advisory ID: 21127
Other Advisory URL: http://www.securiteam.com/exploits/5WP0C2AJ5W.html
ISS X-Force ID: 27839
FrSIRT Advisory: ADV-2006-2875
CVE-2006-3844
Bugtraq ID: 19067