Multiple bugs in FTP clients
Published:		09.06.2003
Source:		BUGTRAQ
SecurityVulns ID:		2894
Type:		client
Level:		5/10
Description:		Bugs during parsing FTP server data.

Affected:		CEDSOFT : FlashFXP
		SMARTFTP : SmartFTP 1.0
		RHINO : FTP Voyager 10.0
		LEAPFTP : LeapFTP 2.7
CVE:		CVE-2007-0825 (FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of service (CPU consumption) via a response to a PWD command that contains a long string with deeply nested directory structure, possibly due to a buffer overflow.)
		CVE-2007-0790 (Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP servers to execute arbitrary code via a large banner. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)
		CVE-2003-1319 (Multiple buffer overflows in SmartFTP 1.0.973, and other versions before 1.0.976, allow remote attackers to execute arbitrary code via (1) a long response to a PWD command, which triggers a stack-based overflow, and (2) a long line in a response to a file LIST command, which triggers a heap-based overflow.)

Original document		nesumin, [LeapFTP] "PASV" Reply Buffer Overflow Vulnerability (09.06.2003)
		nesumin, [FTP Voyager] File List Buffer Overflow Vulnerability (09.06.2003)
		nesumin, [SmartFTP] Two Buffer Overflow Vulnerabilities (09.06.2003)
		nesumin, [FlashFXP] Two Buffer Overflow Vulnerabilities (09.06.2003)

Files:		LeapFTP remote buffer overflow exploit
		FlashFXP V 3.4.0 build 1145 Buffer Overflow DoS
		SmartFTP Client v 2.0.1002 Heap Overflow DoS
Discuss:		Read or add your comments to this news (0 comments)