[sec-adv] Hyperion FTP Server MKD Buffer Overflow

From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Mon Apr 07 2003 - 04:48:43 CDT


TITLE:
Hyperion FTP Server MKD Buffer Overflow

READ ONLINE:
http://www.secunia.com/advisories/8527/

CRITICAL:
Less critical

IMPACT:
Privilege escalation, DoS

WHERE:
From remote

SOFTWARE:
Hyperion FTP Server 3.x
Hyperion FTP Server 2.x

DESCRIPTION:
A vulnerability identified in Hyperion FTP Server can be exploited by
malicious users to cause a DoS (Denial of Service) on the FTP server
and potentially escalate their privileges on the system.

The vulnerability is caused by a boundary error in the handling of
user input supplied to the "MKD" command. A malicious user can
exploit this to cause a buffer overflow by supplying more than 251
bytes of specially crafted data to the vulnerable command. This will
crash Hyperion FTP Server and potentially allow execution of
arbitrary code with the privileges of the FTP server.

The vulnerability has been confirmed in versions 2.7 and 3.0.

SOLUTION:
Allow only trusted users access to the FTP server and monitor their
actions.
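
One way to implement the monitoring recommended above, as an added
example that is not part of the Secunia advisory: a filter over captured
FTP control-channel lines that flags MKD arguments longer than the
251-byte threshold given in the description. The (client, raw line)
record format, the sample data and the inclusion of the XMKD alias are
assumptions.

```python
import string

MKD_LIMIT = 251                 # advisory: more than 251 bytes overflows the buffer
MKD_VERBS = {b"MKD", b"XMKD"}   # XMKD (RFC 775 alias) is included as an assumption
PRINTABLE = set(string.printable.encode())

def mkd_argument(line):
    """Return the MKD argument bytes of one control-channel line, or None."""
    verb, _, arg = line.rstrip(b"\r\n").partition(b" ")
    return arg if verb.upper() in MKD_VERBS else None

def flag_oversized_mkd(records):
    """records: iterable of (client, raw_line) pairs; returns a list of alert dicts."""
    alerts = []
    for client, line in records:
        arg = mkd_argument(line)
        # Length is measured in bytes, as in the advisory, not in characters.
        if arg is not None and len(arg) > MKD_LIMIT:
            alerts.append({
                "client": client,
                "arg_bytes": len(arg),
                # Binary bytes in a directory name are a further triage signal.
                "non_printable": any(b not in PRINTABLE for b in arg),
            })
    return alerts

# Constructed sample input (documentation-range clients, filler arguments).
SAMPLE = [
    ("192.0.2.10", b"MKD reports\r\n"),
    ("192.0.2.10", b"mkd " + b"A" * 251 + b"\r\n"),   # at the limit: not flagged
    ("192.0.2.10", b"CWD " + b"A" * 400 + b"\r\n"),   # long, but not MKD
    ("192.0.2.77", b"MKD " + b"A" * 252 + b"\r\n"),   # one byte over the limit
    ("192.0.2.77", b"XMKD " + b"B" * 299 + b"\x01\r\n"),
]

if __name__ == "__main__":
    for alert in flag_oversized_mkd(SAMPLE):
        print(alert)
```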

REPORTED BY / CREDITS:
posidron

ORIGINAL ADVISORY:
http://www.tripbit.org/advisories/hyperion_advisory.txt

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------
