FlashGet FTP 'PWD' Response Remote Buffer Overflow Vulnerability

Bugtraq ID:	30685
Class:	Boundary Condition Error
CVE:	CVE-2008-4321
Remote:	Yes
Local:	No
Published:	Aug 13 2008 12:00AM
Updated:	May 07 2015 05:24PM
Credit:	Krystian Kloskowski
Vulnerable:	FlashGet FlashGet 1.9
Not Vulnerable:

FlashGet FTP 'PWD' Response Remote Buffer Overflow Vulnerability

FlashGet is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

FlashGet 1.9 is vulnerable; other versions may also be affected.

FlashGet FTP 'PWD' Response Remote Buffer Overflow Vulnerability

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

The following exploits are available:

• /data/vulnerabilities/exploits/30685.py
• /data/vulnerabilities/exploits/30685.pl
• /data/vulnerabilities/exploits/30685_2.pl

FlashGet FTP 'PWD' Response Remote Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

FlashGet FTP 'PWD' Response Remote Buffer Overflow Vulnerability

References:

• FlashGet Homepage (FlashGet)