From: Secunia Security Advisories (sec-advsecunia.com)
Date: Fri Jul 11 2003 - 07:16:46 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
TurboFTP FTP Server Response Buffer Overflow Vulnerability

READ ONLINE:
http://www.secunia.com/advisories/9236/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
TurboFTP 3.x

DESCRIPTION:
A vulnerability has been identified in TurboFTP, which potentially
can be exploited by a malicious person to compromise a user's
system.

The vulnerability is caused due to a boundary error when handling
server responses. This can be exploited by returning an overly long,
specially crafted server response to a vulnerable client, which will
cause a buffer overflow.

Successful exploitation will crash the client. However, execution of
arbitrary code may potentially also be possible but has not been
proven.

The vulnerability has been reported in version 3.85 Build 304.
However, other versions may also be affected.

SOLUTION:
Reportedly, the vendor has stated that a patch may be issued if it is
proven that code execution is possible.

Use another product.

REPORTED BY / CREDITS:
Peter Winter-Smith

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]