CVE-2005-3683

Properties

Published: 17.11.2005
Updated: 22.11.2005
Patch available:
Severity: High
CVSS vector: (AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:I)
Product: freeFTPd: freeFTPd

Vulnerability description

Stack-based buffer overflow in freeFTPd before 1.0.9, when Logging is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long USER command.

References:

FULLDISC: http://marc.theaimsgroup.com/?l=full-disclosure&m=113213763821294&w=2
FULLDISC: http://marc.theaimsgroup.com/?l=full-disclosure&m=113216611924774&w=2
http://freeftpd.com/?ctt=changelog
BID: http://www.securityfocus.com/bid/15457
FRSIRT: http://www.frsirt.com/english/advisories/2005/2458
OSVDB: http://www.osvdb.org/20909
SECTRACK: http://securitytracker.com/id?1015230
SECUNIA: http://secunia.com/advisories/17583
XF: http://xforce.iss.net/xforce/xfdb/23118