| VID |
16085 |
| Severity |
40 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The Ability FTP Server, according to its version number, has a 'STOR' command buffer overflow vulnerability. Ability FTP Server is an FTP server for Microsoft Windows operating systems. Ability Server 2.3.4 and earlier versions are vulnerable to a buffer overflow caused by improper boundary checking on the FTP 'STOR' command. By sending the server a specially crafted request containing an overly long argument to the 'STOR' command, an authenticated remote attacker could overflow a buffer, which could cause a denial of service or arbitrary code execution.
* Note: This check relies solely on the version number of the remote Ability FTP server to assess this vulnerability, so this might be a false positive.
* References: http://www.osvdb.org/displayvuln.php?osvdb_id=11030 http://securitytracker.com/alerts/2004/Oct/1011858.html
* Platforms Affected: Code-Crafters Ability Server 2.3.4 and earlier; Microsoft Windows (any version) |
| Recommendation |
No upgrade or patch available as of June 2014.
Upgrade to a new version of Ability Server when a version that fixes this problem becomes available from the Ability FTP Server Web site at http://www.code-crafters.com/abilityftpserver/index.html |
| Related URL |
CVE-2004-1626 (CVE) |
| Related URL |
11508 (SecurityFocus) |
| Related URL |
17823 (ISS) |
|