VicFTPS Remote Buffer Overflow Vulnerability
BID:22608
Info
| Bugtraq ID: | 22608 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-1014 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 18 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | Discovery of this issue is credited to r0ut3r. |
| Vulnerable: | VicFTPS VicFTPS 3.9 |
| Not Vulnerable: | VicFTPS VicFTPS 5.0 |
Discussion
A remote buffer-overflow vulnerability is reported in VicFTPS. This issue occurs because the application fails to properly validate the length of user-supplied strings prior to copying them into finite-sized process buffers.
An attacker can exploit this issue to cause the affected server to crash and may be able to execute arbitrary code in the context of the server process.
VicFTPS versions prior to 5.0 are vulnerable to this issue.
Exploit / POC
The following proof-of-concept exploit is available:
Solution / Fix
Solution:
The vendor has released version 5.0 of VicFTPS to address this issue.