Golden FTP Server Username Remote Buffer Overflow Vulnerability
BID:12704
Info
| Bugtraq ID: | 12704 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 02 2005 12:00AM |
| Updated: | Mar 02 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to Carlos Ulver. |
| Vulnerable: | KMiNT21 Software Golden FTP Server 2.52; KMiNT21 Software Golden FTP Server 2.16; KMiNT21 Software Golden FTP Server 2.10; KMiNT21 Software Golden FTP Server 2.0 5b; KMiNT21 Software Golden FTP Server 2.0 2b; KMiNT21 Software Golden FTP Server 1.92; KMiNT21 Software Golden FTP Server 1.31 b; KMiNT21 Software Golden FTP Server 1.30 b; KMiNT21 Software Golden FTP Server 1.20 b; KMiNT21 Software Golden FTP Server 1.0 0b |
| Not Vulnerable: | |
Discussion
A buffer overflow vulnerability is reported to affect Golden FTP Server. The problem occurs due to insufficient bounds checking when processing 'USER' command arguments of excessive length.
By exploiting this issue to modify sensitive stack variables, an anonymous remote attacker may be able to execute arbitrary code.
This vulnerability is reported to affect Golden FTP Server version 1.92; other versions might also be affected.
Exploit / POC
The following exploits are available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Golden FTP Server Home Page (KMiNT21 Software)
- Buffer overflow in KMiNT21 Software Golden FTP Server Pro v2.52 (10.04.2005) (Reed Arvin)
- Golden Ftp server 1.29 Username remote Buffer Overflow (Carlos Ulver)
- Golden FTP Server Pro Remote Buffer Overflow Exploit ("mohamed amhemed")
- Golden FTP Server Pro remote stack BOF exploit (IHSTeam) ([email protected])