FTP CWD buffer overflow

ftp-servu (205) The risk level is classified as MediumMedium Risk

Description:

FTP Serv-U is vulnerable to a denial of service attack caused by a buffer overflow in the CWD command. By sending an argument to the CWD command containing a string of 155 characters or more, a remote attacker can overflow a buffer and crash the server or execute arbitrary code on the system.

Platforms Affected:

  • Apple, Mac OS
  • Cisco, IOS
  • Compaq, Tru64
  • Data General, DG/UX
  • HP, HP-UX
  • IBM, AIX
  • IBM, OS2
  • Linux, Kernel
  • Microsoft, Windows 2000
  • Microsoft, Windows 2003 Server
  • Microsoft, Windows 95
  • Microsoft, Windows 98
  • Microsoft, Windows 98SE
  • Microsoft, Windows Me
  • Microsoft, Windows NT 4.0
  • Microsoft, Windows XP
  • Novell, NetWare
  • Rhino Software, Serv-U FTP Server 2.5
  • SCO, SCO Unix
  • SGI, IRIX
  • Sun, Solaris
  • Various vendors, FTP
  • WindRiver, BSDOS

Remedy:

Upgrade to the latest version of Serv-U (3.1 or later), available from the Serv-U Web site. See References.

Consequences:

References:

Reported:

Jul 01, 1997

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page