| VID |
16089 |
| Severity |
40 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The SlimFTPd FTP server, according to its banner, has a command buffer overflow vulnerability. SlimFTPd, developed by WhitSoft Development, is a free FTP server for Microsoft Windows. SlimFTPd 3.15 and earlier versions are vulnerable to a buffer overflow caused by the application's failure to perform proper bounds checking on user-supplied strings before copying them into process buffers. By supplying a specially crafted command (e.g., CWD, STOR, MKD, STAT), a remote authenticated attacker, including an anonymous attacker, could overflow a buffer and possibly execute code on the system.
* Note: This check relies solely on the banner of the remote SlimFTPd server to assess this vulnerability, so the result might be a false positive.
* References: http://securitytracker.com/alerts/2004/Nov/1012167.html, http://packetstormsecurity.nl/0411-exploits/101_slim.cpp
* Platforms Affected: SlimFTPd 3.15 and prior; Microsoft Windows (any version) |
| Recommendation |
Upgrade to the latest version of SlimFTPd (3.16 or later), available from the WhitSoft Development Web site at http://www.whitsoftdev.com/slimftpd/ |
| Related URL |
CVE-2004-2418 (CVE) |
| Related URL |
11645 (SecurityFocus) |
| Related URL |
18014 (ISS) |
|