| VID | 16061 |
| Severity | 40 |
| Port | 21 |
| Protocol | TCP |
| Class | FTP |
| Detailed Description |
According to its version number, the remote CesarFTP server has a buffer overflow vulnerability that is reachable through FTP commands. CesarFTP is a free Windows FTP server developed by Alexandre Cesari. CesarFTP version 0.99g and earlier is vulnerable to a buffer overflow attack. A remote attacker could supply a properly structured argument to an affected command, designed to exceed the maximum length of the input buffer. This could allow the attacker to overflow the buffer and execute arbitrary commands on the system. The vulnerable commands are HELP, USER, PASS, PORT, DELE, REST, RMD, and MKD.
* Note: This check relies solely on the version of the remote CesarFTP server to assess this vulnerability, so the result might be a false positive.
* References: http://archives.neohapsis.com/archives/bugtraq/2001-07/0001.html http://archives.neohapsis.com/archives/bugtraq/2001-07/0070.html
* Platforms Affected: CesarFTP 0.99g and earlier; Windows, any version |
| Recommendation | No upgrade or patch was available as of June 2014. We recommend uninstalling this package and using another solution or package. |
| Related URL | CVE-2001-0826 (CVE) |
| Related URL | 7950,7946 (SecurityFocus) |
| Related URL | 6768 (ISS) |