FreeFTPd user name buffer overflow

2005-12-08T00:00:00
ID SAINT:3C63B2AD63630BFDDCA758E4396799B8
Type saint
Reporter SAINT Corporation
Modified 2005-12-08T00:00:00

Description

Added: 12/08/2005
CVE: CVE-2005-3683
BID: 15457
OSVDB: 20909

Background

FreeFTPd is a free FTP/FTPS/SFTP server for Windows platforms.

Problem

An unauthenticated remote attacker could execute arbitrary commands by sending a long, specially crafted argument to the USER command.

Resolution

Upgrade to the latest version of FreeFTPd.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0510.html>

Platforms

Windows 2000
Windows XP