| VID |
28101 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The CuteFTP client program, according to its version number, has multiple buffer overflow conditions (2).
CuteFTP is a commercially available FTP client for the Microsoft Windows platforms distributed by GlobalScape. GlobalScape CuteFTP version 6.0.0 and possibly earlier versions are vulnerable to multiple buffer overflow vulnerabilities in its command response functionality. A remote attacker could create a specially crafted FTP server, to hijack the memory pointer and overflow a buffer, and then could persuade a target user to visit it. Once the FTP server is connected, a remote attacker could could overflow a buffer, which cause a denial of service or arbitrary code execution.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://archives.neohapsis.com/archives/bugtraq/2004-11/0394.html
* Platforms Affected:
GlobalSCAPE, Inc., CuteFTP Professional 6.0.0 and possibly earlier versions
Microsoft Windows Any version |
| Recommendation |
No upgrade or patch available as of December 2004.
Upgrade to the new version of CuteFTP, when new version fixed this problem becomes available from the GlobalSCAPE Web Site at http://www.globalscape.com/cuteftppro/ |
| Related URL |
(CVE) |
| Related URL |
11776 (SecurityFocus) |
| Related URL |
18309 (ISS) |
|
