From: Secunia Security Advisories (sec-advsecunia.com)
Date: Mon Aug 02 2004 - 09:38:14 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
BlackJumboDog FTP Commands Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA12203

VERIFY ADVISORY:
http://secunia.com/advisories/12203/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
BlackJumboDog 3.x
http://secunia.com/product/3743/

DESCRIPTION:
Chew Keong TAN has reported a vulnerability in BlackJumboDog,
potentially allowing malicious people to compromise a vulnerable
system.

The vulnerability is caused due to a boundary error within the
handling of various FTP commands including "USER". The problem is
that the parameters are copied to a fixed length buffer and can be
exploited to cause a buffer overflow by sending a maliciously crafted
request.

This has been reported in version 3.6.1. Prior versions may also be
affected.

SOLUTION:
Reportedly, the vulnerability has been fixed in version 3.6.2:
http://homepage2.nifty.com/spw/software/bjd/

PROVIDED AND/OR DISCOVERED BY:
Chew Keong TAN

ORIGINAL ADVISORY:
http://www.security.org.sg/vuln/bjd361.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]