WarFTP Username Stack-Based Buffer-Overflow Vulnerability
BID:22944
Info
WarFTP Username Stack-Based Buffer-Overflow Vulnerability
| Bugtraq ID: | 22944 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-1567 CVE-1999-0256 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 13 2007 12:00AM |
| Updated: | Jul 06 2016 02:40PM |
| Credit: | This issue was disclosed as part of the Immunity Partner's program. |
| Vulnerable: |
War FTP Daemon WarFTP 1.65 |
| Not Vulnerable: | |
Discussion
WarFTP Username Stack-Based Buffer-Overflow Vulnerability
WarFTP is prone to a stack-based buffer-overflow vulnerability because it fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer.
Exploiting this issue could lead to denial-of-service conditions and to the execution of arbitrary machine code in the context of the application.
WarFTP 1.65 is vulnerable; other versions may also be affected.
WarFTP is prone to a stack-based buffer-overflow vulnerability because it fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer.
Exploiting this issue could lead to denial-of-service conditions and to the execution of arbitrary machine code in the context of the application.
WarFTP 1.65 is vulnerable; other versions may also be affected.
Exploit / POC
WarFTP Username Stack-Based Buffer-Overflow Vulnerability
The following exploit is available to members of the Immunity Partner's program:
https://www.immunityinc.com/downloads/immpartners/warftp_165.tar
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following exploits are also available:
The following exploit is available to members of the Immunity Partner's program:
https://www.immunityinc.com/downloads/immpartners/warftp_165.tar
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following exploits are also available:
Solution / Fix
WarFTP Username Stack-Based Buffer-Overflow Vulnerability
Solution:
Reports indicate that the vendor fixed this issue in version 1.80. Please contact the vendor for more information.
Solution:
Reports indicate that the vendor fixed this issue in version 1.80. Please contact the vendor for more information.
References
WarFTP Username Stack-Based Buffer-Overflow Vulnerability
References:
References:
- Immunity Partner's Page (Immunity)
- Vendor Homepage (WarFTP)
- War FTP Daemon 1.80 (Current) (Jgaa's Internet - Software and Internet technology)