BolinTech DreamFTP Server Format String

2004-02-07T00:00:00
ID OSVDB:4986
Type osvdb
Reporter badpack3t(badpack3t@security-protocols.com)
Modified 2004-02-07T00:00:00

Description

Vulnerability Description

A format string vulnerability exists in the BolinTech DreamFTP server that may allow an attacker to log in with a username containing malicious format string values, crashing the application.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
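As an added illustration, not code from the DreamFTP server or from the original advisory: the hardened way to build a log line from the USER argument, so that a name such as %n%n%n is treated as data rather than as a format string, plus a hypothetical check a defender can run on incoming login names to flag attempts carrying printf conversion specifiers. The function names, the peer address and the log line layout are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example, not DreamFTP code.  In a format-string bug of
 * the kind the advisory describes, the client-supplied USER argument
 * reaches a printf-style call as the format string itself.  The fix
 * is to keep the name strictly as data behind a "%s" conversion. */

/* Hypothetical hardened login logger: the username is passed as an
 * argument, never as the format.  Returns the snprintf result so the
 * caller can detect truncation of the log line. */
int format_user_login_line(char *out, size_t outlen,
                           const char *peer, const char *user)
{
    /* "%s" is the only format here; "%n%n%n" in user is printed literally. */
    return snprintf(out, outlen, "USER from %s: %s", peer, user);
}

/* Hypothetical detection hook for a pre-auth filter or log monitor.
 * Counts '%' sequences that end in a printf conversion character,
 * which a legitimate FTP login name has no reason to contain, so a
 * non-zero result can raise an alert on the malformed USER attempt. */
int count_format_specifiers(const char *user)
{
    int hits = 0;
    for (const char *p = user; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {          /* "%%" is a literal percent sign */
            p++;
            continue;
        }
        /* skip flags, width, precision and length modifiers */
        const char *q = p + 1;
        while (*q && strchr("-+ #0123456789.*hlLqjzt", *q))
            q++;
        if (*q && strchr("diouxXeEfFgGaAcspn", *q))
            hits++;
    }
    return hits;
}
```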

Manual Testing Notes

C:\>ftp [victim]
Connected to [victim].
220- ******
220-
220- Welcome to Dream FTP Server
220- Copyright 2002 - 2004
220- BolinTech Inc.
220-
220- ********
220-
220
User ([victim]:(none)): %n%n%n
Connection closed by remote host.

Application Crashes

References:

Vendor URL: http://www.bolintech.com/
Secunia Advisory ID: 10787
Other Advisory URL: http://www.security-protocols.com/modules.php?name=News&file=article&sid=1722
Mail List Post: http://lists.netsys.com/pipermail/full-disclosure/2004-February/016871.html
Keyword: SP Research Labs Advisory x09
ISS X-Force ID: 15070
CVE: CVE-2004-0277
Bugtraq ID: 9600