Intersoft NetTerm Netftpd USER Buffer Overflow Vulnerability
BID:13396
Info
Intersoft NetTerm Netftpd USER Buffer Overflow Vulnerability
| Bugtraq ID: | 13396 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 26 2005 12:00AM |
| Updated: | Apr 26 2005 12:00AM |
| Credit: | Discovery credited to shadown <[email protected]>. |
| Vulnerable: |
InterSoft NetTerm 4.2.2 |
| Not Vulnerable: | |
Discussion
Intersoft NetTerm Netftpd USER Buffer Overflow Vulnerability
Netftpd is prone to a buffer overflow in the USER command. When an abnormally long string is sent to the command, an internal buffer is overrun, potentially allowing for the execution of arbitrary code.
Netftpd is prone to a buffer overflow in the USER command. When an abnormally long string is sent to the command, an internal buffer is overrun, potentially allowing for the execution of arbitrary code.
Exploit / POC
Intersoft NetTerm Netftpd USER Buffer Overflow Vulnerability
The following exploit code is available; please note that 'netterm_netftpd_user_overflow.pm' is designed to work with the Metasploit framework:
The following exploit code is available; please note that 'netterm_netftpd_user_overflow.pm' is designed to work with the Metasploit framework:
Solution / Fix
Intersoft NetTerm Netftpd USER Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Intersoft NetTerm Netftpd USER Buffer Overflow Vulnerability
References:
References:
- InterSoft Hompage (InterSoft)
- NetTerm's NetFtpd 4.2.2 Buffer Overflow + PoC Exploit (shadown