SmbFTPD SMBDirList Format String Vulnerability
BID:25871
Info
SmbFTPD SMBDirList Format String Vulnerability
| Bugtraq ID: | 25871 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-5184 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 30 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | Jerry Illikainen discovered this issue. |
| Vulnerable: |
SmbFTPD SmbFTPD 0.96 |
| Not Vulnerable: |
SmbFTPD SmbFTPD 0.97 |
Discussion
SmbFTPD SMBDirList Format String Vulnerability
SmbFTPD is prone to a format-string vulnerability.
This issue presents itself because the application fails to properly sanitize filenames.
A successful attack may allow attackers to crash the application or possibly to execute arbitrary code in the context of the user running the application.
Versions prior to SmbFTPD 0.97 are vulnerable to this issue.
SmbFTPD is prone to a format-string vulnerability.
This issue presents itself because the application fails to properly sanitize filenames.
A successful attack may allow attackers to crash the application or possibly to execute arbitrary code in the context of the user running the application.
Versions prior to SmbFTPD 0.97 are vulnerable to this issue.
Exploit / POC
SmbFTPD SMBDirList Format String Vulnerability
Exploit code is available.
Exploit code is available.
Solution / Fix
SmbFTPD SMBDirList Format String Vulnerability
Solution:
The vendor has released SmbFTPD 0.97 to address this issue.
SmbFTPD SmbFTPD 0.96
Solution:
The vendor has released SmbFTPD 0.97 to address this issue.
SmbFTPD SmbFTPD 0.96
-
SmbFTPD smbftpd-0.97.tar.gz
http://downloads.sourceforge.net/smbftpd/smbftpd-0.97.tar.gz?modtime=1 191119872&big_mirror=0
References
SmbFTPD SMBDirList Format String Vulnerability
References:
References:
- Release Name: 0.97 ( SmbFTPD)
- SmbFTPD Home Page (SmbFTPD)
- smbftpd 0.96 format string vulnerability (Jerry Illikainen)