| VID | 16082 |
| Severity | 40 |
| Port | 21 |
| Protocol | TCP |
| Class | FTP |
| Detailed Description | The Titan FTP Server, according to its version number, has a heap overflow vulnerability via the 'CWD' command. Titan FTP Server is an FTP server that supports Secure Sockets Layer (SSL) for Microsoft Windows operating systems. Titan FTP Server versions 3.21 and earlier are vulnerable to a remote heap overflow caused by insufficient boundary checks on user-supplied data. By sending a specially crafted CWD command, a remote authenticated attacker could overflow a buffer and possibly execute arbitrary code on the system or cause the FTP service to crash. References: http://archives.neohapsis.com/archives/bugtraq/2004-08/0405.html and http://packetstormsecurity.nl/0409-exploits/titanftp.c. Platforms Affected: South River Technologies, Titan FTP Server 3.21 and earlier; Microsoft Windows, any version. |
| Recommendation | Upgrade to the latest version of Titan FTP Server (3.30 or later), available from the South River Technologies Web site at http://www.southrivertech.com/products/titanftp/index.html |
| Related URL | CVE-2004-1641 (CVE) |
| Related URL | 11069 (SecurityFocus) |
| Related URL | 17172 (ISS) |