YepYep MTFTPD Remote CWD Argument Format String Vulnerability
BID:12947
Info
YepYep MTFTPD Remote CWD Argument Format String Vulnerability
| Bugtraq ID: | 12947 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-0958 CVE-2005-0959 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 30 2005 12:00AM |
| Updated: | Jul 12 2009 11:56AM |
| Credit: | Discovery of this vulnerability is credited to Tripbit. |
| Vulnerable: |
YepYep mtftpd 0.3 YepYep mtftpd 0.2 YepYep mtftpd .1a |
| Not Vulnerable: | |
Discussion
YepYep MTFTPD Remote CWD Argument Format String Vulnerability
mtftpd is reported prone to a remote format string vulnerability.
Reports indicate that this issue may be exploited by a remote authenticated attacker to execute arbitrary code in the context of the vulnerable service.
This vulnerability is reported to affect mtftpd versions up to an including version 0.0.3.
mtftpd is reported prone to a remote format string vulnerability.
Reports indicate that this issue may be exploited by a remote authenticated attacker to execute arbitrary code in the context of the vulnerable service.
This vulnerability is reported to affect mtftpd versions up to an including version 0.0.3.
Exploit / POC
YepYep MTFTPD Remote CWD Argument Format String Vulnerability
The following exploits are available:
The following exploits are available:
Solution / Fix
YepYep MTFTPD Remote CWD Argument Format String Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
YepYep MTFTPD Remote CWD Argument Format String Vulnerability
References:
References:
- mtftpd Homepage (YepYep)
- Tripbit Security Advisory - TA-040305 (Tripbit)