Whisper FTP Surfer Filename Overflow

2004-07-27T06:11:07
ID OSVDB:8244
Type osvdb
Reporter OSVDB
Modified 2004-07-27T06:11:07

Description

Vulnerability Description

A remote overflow exists in Whisper FTP Surfer. The Whisper FTP Surfer fails to sufficiently check filename boundary, resulting in a buffer overflow. With a specially crafted request with an overly long filename, an attacker can cause a buffer overflow resulting in a denial of service or execution of arbitrary code on the system, resulting in a loss of availability and/or integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

A remote overflow exists in Whisper FTP Surfer. The Whisper FTP Surfer fails to sufficiently check filename boundary, resulting in a buffer overflow. With a specially crafted request with an overly long filename, an attacker can cause a buffer overflow resulting in a denial of service or execution of arbitrary code on the system, resulting in a loss of availability and/or integrity.

References:

Vendor URL: http://www.snapfiles.com/get/ftpsurfer.html Secunia Advisory ID:12107 ISS X-Force ID: 16742 CVE-2004-0739 Bugtraq ID: 10761