Gene6 FTP Server Multiple Commands Remote Buffer Overflow Vulnerabilities
BID:17810
Info
| Bugtraq ID: | 17810 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 03 2006 12:00AM |
| Updated: | May 03 2006 09:40PM |
| Credit: | Alexey Biznya is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Gene6 G6 FTP Server 3.1 |
| Not Vulnerable: | |
Discussion
Gene6 FTP Server is prone to multiple buffer-overflow vulnerabilities when handling data through various commands.
Reportedly, passing excessive data may overflow a finite-sized internal memory buffer. A successful attack may result in memory corruption as memory adjacent to the buffer is overwritten with user-supplied data.
These issues may lead to a denial-of-service condition or the execution of arbitrary code.
These issues are reported to affect version 3.1.0; other versions may also be vulnerable.
Exploit / POC
This issue can be triggered by using the Infigo FTPStress Fuzzer.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
References:
- Infigo FTPStress Fuzzer (Infigo)
- gene6 G6 FTP Server homepage (Gene6)
- Re: FTP Fuzzer (Alexey Biznya)