VID 16098
Severity 40
Port 21
Protocol TCP
Class FTP
Detailed Description The BlackJumboDog FTP server, according to its banner, has buffer overflow vulnerabilities in multiple FTP commands. BlackJumboDog is an FTP server developed by SapporoWorks for Microsoft Windows platforms. BlackJumboDog 3.x versions up to and including 3.6.1 are vulnerable to multiple buffer overflows. By sending a specially crafted FTP command, such as USER, PASS, RETR, CWD, XMKD, XRMD and possibly other commands, a remote attacker can overflow a buffer and execute arbitrary code on the affected FTP server. These issues can be exploited before authenticating to the FTP server.

* Note: This check relies solely on the banner of the remote FTP server to assess this vulnerability, so the result may be a false positive.

* References:
http://www.securiteam.com/exploits/5FP0I15E0G.html
http://www.securitytracker.com/alerts/2004/Jul/1010807.html

* Platforms Affected:
SapporoWorks BlackJumboDog 3.x versions up to and including 3.6.1
Microsoft Windows, any version
Recommendation Upgrade to the latest version of BlackJumboDog (3.6.2 or later), available from the SapporoWorks website at http://homepage2.nifty.com/spw/bjd/
Related URL CVE-2004-1439 (CVE)
Related URL 10834 (SecurityFocus)
Related URL 16842 (ISS)