FlashGet FTP PWD buffer overflow

2008-08-27T00:00:00
ID SAINT:271028483D1BA54073F5F45E82740CD6
Type saint
Reporter SAINT Corporation
Modified 2008-08-27T00:00:00

Description

Added: 08/27/2008
CVE: CVE-2008-4321
BID: 30685
OSVDB: 47457

Background

FlashGet is an FTP client formerly known as JetCar.

Problem

A buffer overflow in FlashGet allows command execution when a user connects to an FTP server that sends a specially crafted PWD response.

Resolution

Use a different FTP client.

References

<http://secunia.com/advisories/31481/>

Limitations

Exploit works on FlashGet 1.9.6.

Platforms

Windows 2000