WarFTPd USER/PASS Overflow

1998-03-19T00:00:00
ID OSVDB:875
Type osvdb
Reporter OSVDB
Modified 1998-03-19T00:00:00

Description

Vulnerability Description

WarFTPD contains a flaw that allows a remote attacker to execute arbitrary code. The issue is due to improper bounds checking for the USER and PASS commands. If an attacker supplies a specially crafted request, they may be able to overflow the buffer and execute arbitrary code with the same privileges as the server.

Solution Description

Upgrade to version 1.66x4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://support.jgaa.com/?cmd=ShowProduct&ID=1
ISS X-Force ID: 345
CVE-1999-0256