ID OSVDB:8244 Type osvdb Reporter OSVDB Modified 2004-07-27T06:11:07
Description
Vulnerability Description
A remote overflow exists in Whisper FTP Surfer. The Whisper FTP Surfer fails to sufficiently check filename boundary, resulting in a buffer overflow. With a specially crafted request with an overly long filename, an attacker can cause a buffer overflow resulting in a denial of service or execution of arbitrary code on the system, resulting in a loss of availability and/or integrity.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Short Description
A remote overflow exists in Whisper FTP Surfer. The Whisper FTP Surfer fails to sufficiently check filename boundary, resulting in a buffer overflow. With a specially crafted request with an overly long filename, an attacker can cause a buffer overflow resulting in a denial of service or execution of arbitrary code on the system, resulting in a loss of availability and/or integrity.
{"id": "OSVDB:8244", "bulletinFamily": "software", "title": "Whisper FTP Surfer Filename Overflow", "description": "## Vulnerability Description\nA remote overflow exists in Whisper FTP Surfer. The Whisper FTP Surfer fails to sufficiently check filename boundary, resulting in a buffer overflow. With a specially crafted request with an overly long filename, an attacker can cause a buffer overflow resulting in a denial of service or execution of arbitrary code on the system, resulting in a loss of availability and/or integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nA remote overflow exists in Whisper FTP Surfer. The Whisper FTP Surfer fails to sufficiently check filename boundary, resulting in a buffer overflow. With a specially crafted request with an overly long filename, an attacker can cause a buffer overflow resulting in a denial of service or execution of arbitrary code on the system, resulting in a loss of availability and/or integrity.\n## References:\nVendor URL: http://www.snapfiles.com/get/ftpsurfer.html\n[Secunia Advisory ID:12107](https://secuniaresearch.flexerasoftware.com/advisories/12107/)\nISS X-Force ID: 16742\n[CVE-2004-0739](https://vulners.com/cve/CVE-2004-0739)\nBugtraq ID: 10761\n", "published": "2004-07-27T06:11:07", "modified": "2004-07-27T06:11:07", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:8244", "reporter": "OSVDB", "references": [], "cvelist": ["CVE-2004-0739"], "type": "osvdb", "lastseen": "2017-04-28T13:20:03", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "0ef279dc236b7ff27f76d681e195b28b"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "147aed1012bdab5845c9c8045d5489e6"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "7e7a7fca2261aff03cbe64360649bd4b"}, {"key": "href", "hash": "94005db19f552dbafa1b11d01d196c07"}, {"key": "modified", "hash": "e92cce287376f8fb2d7ec40f28be6718"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "e92cce287376f8fb2d7ec40f28be6718"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "7332f9a9647401a28f2e82c7c3072def"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "hash": "35be160caba2cdbb3868c1a6a6bb34db449651530a3d9ef09242c9d570daf3f4", "viewCount": 1, "objectVersion": "1.2", "affectedSoftware": [{"name": "Whisper FTP Surfer", "operator": "eq", "version": "1.0.7"}], "enchantments": {"vulnersScore": 4.7}}
{"result": {"cve": [{"id": "CVE-2004-0739", "type": "cve", "title": "CVE-2004-0739", "description": "Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long filename.", "published": "2004-07-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0739", "cvelist": ["CVE-2004-0739"], "lastseen": "2017-07-11T11:14:28"}]}}