SAINT Corporation
SAINT:B0C91DB6CC74DF71C22FA493E060BFA1
Dec 08, 2005 - 12:00 a.m.

FreeFTPd user name buffer overflow

2005-12-08 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score: 7.5
Confidence: Low

EPSS: 0.802
Percentile: 98.4%

Added: 12/08/2005
CVE: CVE-2005-3683
BID: 15457
OSVDB: 20909

Background

FreeFTPd is a free FTP/FTPS/SFTP server for Windows platforms.

Problem

An unauthenticated remote attacker could execute arbitrary commands by sending a long, specially crafted argument to the USER command.

Resolution

Upgrade to the latest version of FreeFTPd.

References

http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0510.html

Platforms

Windows 2000
Windows XP
