BolinTech Dream FTP Server USER Remote Buffer Overflow Vulnerability
BID:22044
Info
| Bugtraq ID: | 22044 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 14 2007 12:00AM |
| Updated: | Jan 15 2007 04:50PM |
| Credit: | Discovery of this issue is credited to Marsu <[email protected]>. |
| Vulnerable: | BolinTech Dream FTP Server 1.0.2 |
| Not Vulnerable: | |
Discussion
A remote buffer-overflow vulnerability is reported in BolinTech Dream FTP Server. This issue occurs because the application fails to properly validate the length of user-supplied strings prior to copying them into finite process buffers.
An attacker can exploit this issue to cause the affected server to crash and may be able to execute arbitrary code in the context of the process.
Exploit / POC
The following proof of concept is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Dream FTP Server Homepage (BolinTech)