Golden FTP Server Remote Buffer Overflow Vulnerability

Bugtraq ID:	12333
Class:	Boundary Condition Error
CVE:	CVE-2005-0566
Remote:	Yes
Local:	No
Published:	Jan 22 2005 12:00AM
Updated:	Jul 12 2009 10:06AM
Credit:	barabas mutsonline <[email protected]> disclosed this vulnerability.
Vulnerable:	KMiNT21 Software Golden FTP Server 2.0 2b KMiNT21 Software Golden FTP Server 1.31 b KMiNT21 Software Golden FTP Server 1.30 b KMiNT21 Software Golden FTP Server 1.20 b KMiNT21 Software Golden FTP Server 1.0 0b
Not Vulnerable:	KMiNT21 Software Golden FTP Server 2.0 5b

Golden FTP Server Remote Buffer Overflow Vulnerability

Golden FTP Server is reported susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied input data prior to copying it to an insufficiently sized memory buffer.

This vulnerability allows remote attackers to execute arbitrary machine code in the context of the vulnerable server application.

Versions prior to 2.05b are reportedly affected by this vulnerability.

Golden FTP Server Remote Buffer Overflow Vulnerability

A proof of concept exploit was provided by barabas mutsonline <[email protected]>:

• /data/vulnerabilities/exploits/goldenftpserver.pl

Golden FTP Server Remote Buffer Overflow Vulnerability

Solution:
The vendor has released version 2.05b to address this issue. Please contact the vendor to obtain the fixed version of the application.

Golden FTP Server Remote Buffer Overflow Vulnerability

References:

• Golden FTP Server Home Page (KMiNT21 Software)