WFTPD Server APPE Command Buffer Overflow Vulnerability
BID:20942
Info
WFTPD Server APPE Command Buffer Overflow Vulnerability
| Bugtraq ID: | 20942 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-5826 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 07 2006 12:00AM |
| Updated: | Mar 26 2007 06:53PM |
| Credit: | Joxean Koret <[email protected]> is credited with the discovery of this vulnerability. |
| Vulnerable: |
Texas Imperial Software WFTPD 3.23 |
| Not Vulnerable: | |
Discussion
WFTPD Server APPE Command Buffer Overflow Vulnerability
WFTPD is prone to a buffer-overflow vulnerability because the application fails to do proper bounds checking on user-supplied data before storing it in a finite-sized buffer.
An attacker can exploit this issue to execute arbitrary machine code in the context of the affected server application.
Version 3.23 is reportedly affected by this issue; other versions may also be affected.
WFTPD is prone to a buffer-overflow vulnerability because the application fails to do proper bounds checking on user-supplied data before storing it in a finite-sized buffer.
An attacker can exploit this issue to execute arbitrary machine code in the context of the affected server application.
Version 3.23 is reportedly affected by this issue; other versions may also be affected.
Exploit / POC
WFTPD Server APPE Command Buffer Overflow Vulnerability
The following exploit code is available for members of the Immunity Partner's Program:
https://www.immunityinc.com/downloads/immpartners/wtftpd.tar
The following exploit code is available for members of the Immunity Partner's Program:
https://www.immunityinc.com/downloads/immpartners/wtftpd.tar
Solution / Fix
WFTPD Server APPE Command Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
WFTPD Server APPE Command Buffer Overflow Vulnerability
References:
References:
- Immunity Partners Page (Immunity, Inc)
- WFTPD Homepage (Texas Imperial Software)