AbsoluteFTP 'LIST' Command Remote Buffer Overflow Vulnerability
BID:50614
Info
AbsoluteFTP 'LIST' Command Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 50614 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2011-5164 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 09 2011 12:00AM |
| Updated: | Mar 19 2015 07:35AM |
| Credit: | Node |
| Vulnerable: |
VanDyke AbsoluteFTP 2.2.10 Build 252 VanDyke AbsoluteFTP 2.2.7 Build 238 VanDyke AbsoluteFTP 2.2.5 Build 225 VanDyke AbsoluteFTP 2.2.5 Build 225 VanDyke AbsoluteFTP 2.2.3 Build 210 VanDyke AbsoluteFTP 2.2B3 Build 163 VanDyke AbsoluteFTP 2.2B2 Build 158 VanDyke AbsoluteFTP 2.2B1 Build 144 VanDyke AbsoluteFTP 2.2.9 Build 248 VanDyke AbsoluteFTP 2.2.8 Build 241 VanDyke AbsoluteFTP 2.2.6 Build 230 VanDyke AbsoluteFTP 2.2.6 Build 230 VanDyke AbsoluteFTP 2.2.4 Build 216 VanDyke AbsoluteFTP 2.2.4 Build 216 VanDyke AbsoluteFTP 2.2.2 Build 203 VanDyke AbsoluteFTP 2.2 Build 291 VanDyke AbsoluteFTP 2.2 Build 197 VanDyke AbsoluteFTP 2.0.5 Build 297 VanDyke AbsoluteFTP 2.0.4 Build 293 VanDyke AbsoluteFTP 2.0.3 Build 289 VanDyke AbsoluteFTP 1.9.6 |
| Not Vulnerable: | |
Discussion
AbsoluteFTP 'LIST' Command Remote Buffer Overflow Vulnerability
AbsoluteFTP is prone to a buffer-overflow vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
AbsoluteFTP 1.9.6 through 2.2.10 are vulnerable; other versions may also be affected.
AbsoluteFTP is prone to a buffer-overflow vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
AbsoluteFTP 1.9.6 through 2.2.10 are vulnerable; other versions may also be affected.
Exploit / POC
AbsoluteFTP 'LIST' Command Remote Buffer Overflow Vulnerability
The following exploit is available:
The following exploit is available:
Solution / Fix
AbsoluteFTP 'LIST' Command Remote Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
AbsoluteFTP 'LIST' Command Remote Buffer Overflow Vulnerability
References:
References:
- AbsoluteFTP Download Page (vandyke)