BlackJumboDog long parameter string buffer overflow
blackjumbodog-long-string-bo (16842)
Description:
BlackJumboDog is vulnerable to a buffer overflow. By sending an FTP command with an overly long parameter string (USER, PASS, RETR, CWD, XMKD, XRMD and possibly other commands), a remote attacker can overflow a buffer and execute arbitrary commands on the proxy.
Consequences:
Gain Access
Remedy:
Upgrade to the latest version of BlackJumboDog (3.6.2 or later), available from the Sapporo Works Web site. See References.
References:
- BlackJumboDog Web site: BlackJumboDog.
- SecuriTeam Advisory 14/9/2004: BlackJumboDog FTP Server Remote Code Execution.
- BID-10834: SapporoWorks Black JumboDog FTP Server Buffer Overflow Vulnerability
- CVE-2004-1439: Buffer overflow in BlackJumboDog 3.x allows remote attackers to execute arbitrary code via long FTP commands such as (1) USER, (2) PASS, (3) RETR, (4) CWD, (5) XMKD, and (6) XRMD.
- SA12203: BlackJumboDog FTP Commands Buffer Overflow Vulnerability
- US-CERT VU#714584: BlackJumboDog contains buffer overflow vulnerability
Platforms Affected:
- SapporoWorks BlackJumboDog 3.6.1
Reported:
Jul 29, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
